Chris Hasibuan

**Name of the Vulnerable Software and Affected Versions** phpMyChat version 0.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `ChatPath` parameter in the connected users.lib.php3 file. **Recommendations** For phpMyChat version 0.1, consider restricting access to the connected users.lib.php3 file to minimize the risk of exploitation. Avoid using the `ChatPath` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PHP remote file inclusion vulnerability in includes/functions kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893.