F10

**Name of the Vulnerable Software and Affected Versions** 123 Flash Chat Module for phpBB (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter to (1) "123flashchat.php" and (2) "phpbb login chat.php". However, it is noted that `$phpbb root path` is explicitly set to "./" in both programs, which may affect the vulnerability's impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.