PT-2007-6063 · Phpreactor · Phpreactor

Published 2007-09-18 · Updated 2024-08-07 · CVE-2007-4949

CVSS v2.0: 6.8 (Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

**Name of the Vulnerable Software and Affected Versions**

phpReactor version 1.2.7pl1

**Description**

Multiple PHP remote file inclusion issues allow remote attackers to execute arbitrary PHP code via a URL in the `pathtohomedir` parameter to certain PHP files, including (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in the examples/ directory. This issue is disputed since it only occurs when the product is incorrectly installed by placing examples/ under the web root.

**Recommendations**

For phpReactor version 1.2.7pl1, avoid placing the examples/ directory under the web root to prevent exploitation. As a temporary workaround, consider restricting access to the `pathtohomedir` parameter in the affected PHP files until a proper installation configuration is applied.
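As an added illustration (constructed here, not phpReactor's own source), the following PHP shows the request-controlled include pattern the advisory describes beside a hardened form that derives the base directory from the installation and validates it with `realpath()`; the `PHPREACTOR_ROOT` constant, the included file names and the assumption that `examples/` sits one level below the application root are assumptions.

```php
<?php
// Constructed reconstruction of the include pattern behind CVE-2007-4949
// (not phpReactor's actual code). With register_globals=On, a request like
//   ?pathtohomedir=http://example.invalid/   (constructed value)
// turns $pathtohomedir into a URL, and with allow_url_include=On the
// include below fetches and executes remote PHP code.

// --- Vulnerable pattern (shown only so reviewers know what to look for) ---
function vulnerable_include(string $pathtohomedir): void
{
    // The prefix of the include path comes straight from the request.
    include $pathtohomedir . '/lib/common.php';
}

// --- Hardened form ---
// The base directory is never taken from the request: it is fixed at
// install time, and every include is resolved and checked to stay inside it.
// Assumed layout: this file lives in examples/, one level below the root.
const PHPREACTOR_ROOT = __DIR__ . '/..';

function safe_include(string $relativeFile): void
{
    $root   = realpath(PHPREACTOR_ROOT);
    $target = realpath($root . '/' . $relativeFile);

    // realpath() returns false for URLs and missing files and collapses "../",
    // so a prefix check against the resolved root rejects anything outside it.
    if ($root === false || $target === false
        || strncmp($target, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        http_response_code(400);
        exit('invalid include path');
    }
    include $target;
}

// Defence in depth on the server side (php.ini), independent of the code:
//   register_globals = Off
//   allow_url_include = Off
safe_include('lib/common.php');
```

Keeping `examples/` outside the web root, as the recommendation states, removes the reachable entry point entirely; the hardened pattern above limits the damage if a copy is deployed incorrectly.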

**Weakness Enumeration**

Code Injection

**Related Identifiers**

CVE-2007-4949

**Affected Products**

Phpreactor