Lumut--

**Name of the Vulnerable Software and Affected Versions** Family Connections Who is Chatting version 2.2.3 **Description** A remote file inclusion issue exists in the mod chatting/themes/default/header.php file, allowing remote attackers to execute arbitrary PHP code via a URL in the `TMPL[path]` parameter. **Recommendations** For Family Connections Who is Chatting version 2.2.3, consider restricting access to the `mod chatting/themes/default/header.php` file until a patch is available. As a temporary workaround, avoid using the `TMPL[path]` parameter in the affected file to minimize the risk of exploitation.