By_Casper41

**Name of the Vulnerable Software and Affected Versions** e107 123 Flash Chat module version 6.8.0 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the `e107path` parameter. **Recommendations** For version 6.8.0, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the 123flashchat.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `e107path` parameter in the affected module until the issue is resolved.