Joomla · A6Mambocredits · CVE-2006-4288
**Name of the Vulnerable Software and Affected Versions**
a6mambocredits component (com a6mambocredits) versions 2.0.0 and earlier
**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig live site` parameter in the admin.a6mambocredits.php file.
**Recommendations**
For versions 2.0.0 and earlier, consider restricting access to the `admin.a6mambocredits.php` file until a fix is available. Avoid using the `mosConfig live site` parameter in the affected component until the issue is resolved.