Jank0

**Name of the Vulnerable Software and Affected Versions** JD-Wiki Component (com jd-wiki) versions 1.0.2 and earlier for Joomla! **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter when `register globals` is enabled. **Recommendations** For JD-Wiki Component (com jd-wiki) versions 1.0.2 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `lib/tpl/default/main.php` file to minimize the risk of exploitation. Avoid using the `mosConfig absolute path` parameter in affected URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mambo com moodle component (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the moodle.php file of the Mam-moodle alpha component for Mambo. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.