Most likely, it executes whatever code is in the post variable 'x' as php, so if someone posted some malicious php code it could be pretty bad depending on how your server is configured.
I don't really see any real point in having that in there and would most likely remove it unless you know it's used for something and even then i'd find a way to replace that functionality w/o something that didn't leave such a big security hole.
That code CANNOT be used for anything good, period.
If your toplist stops working after removing that line, find another piece of software to replace it, no programmer with half a clue would include that code.
Comment