Eocms · Eocms · CVE-2009-4319
**Name of the Vulnerable Software and Affected Versions**
eoCMS versions 0.9.03 and earlier
**Description**
The issue allows remote attackers to execute arbitrary PHP code when `register_globals` is enabled. This is achieved via a URL in the `BBCODE_path` parameter.
**Recommendations**
For versions 0.9.03 and earlier, consider disabling the `register_globals` setting to prevent exploitation. As a temporary workaround, restrict access to the `bbcode-form.php` file in the `js/bbcodepress` directory until a patch is available. Avoid using the `BBCODE_path` parameter in the affected endpoint until the issue is resolved.
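
To check whether the affected endpoint has been requested with this parameter while the workaround is being rolled out, the following added example (not part of the advisory or of eoCMS) reviews web server access log lines. The function names, the combined log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter named in the advisory.
ENDPOINT = "/js/bbcodepress/bbcode-form.php"
PARAM = "BBCODE_path"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
URL_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)  # scheme://...

def classify(line):
    """Return None, 'param-present' or 'remote-url' for one access log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    # Decode, collapse repeated slashes and lowercase before comparing the path.
    path = re.sub(r"/+", "/", unquote(target.path)).lower()
    if not path.endswith(ENDPOINT):
        return None
    verdict = None
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        # PHP turns spaces and dots in parameter names into underscores.
        if re.sub(r"[ .]", "_", key) != PARAM:
            continue
        # parse_qsl decoded once; decode again to catch double encoding.
        if URL_VALUE.match(unquote(value)):
            return "remote-url"
        verdict = "param-present"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every line that needs review."""
    results = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in results if v]

# Constructed sample log lines (documentation addresses, .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /js/bbcodepress/bbcode-form.php HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2010:10:01:00 +0000] "GET /js/bbcodepress/bbcode-form.php?BBCODE_path=http://example.invalid/ HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2010:10:01:09 +0000] "GET /eocms/js/bbcodepress/bbcode-form.php?BBCODE_path=%68ttp%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 87',
    '192.0.2.12 - - [01/Jan/2010:10:02:00 +0000] "GET /js/bbcodepress/bbcode-form.php?BBCODE_path=js/bbcodepress/ HTTP/1.1" 200 900',
]
```

An access log records only the request line, so a clean result covers query-string use of the parameter and nothing else.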