PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value
https://exchange.xforce.ibmcloud.com/vulnerabilities/27233
http://www.securityfocus.com/bid/18480
http://www.securityfocus.com/archive/1/437411/30/4320/threaded