E107 · E107 · CVE-2008-1989
**Name of the Vulnerable Software and Affected Versions**
e107 123 Flash Chat module version 6.8.0
**Description**
The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the `e107path` parameter.
**Recommendations**
For version 6.8.0, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the 123flashchat.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `e107path` parameter in the affected module until the issue is resolved.