CVE-2006-3947

Name of the Vulnerable Software and Affected Versions Mambatstaff component for Mambo versions 3.1b and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter in the Mambatstaff component. This can be exploited by sending a malicious URL to the /components/com mambatstaff/mambatstaff.php endpoint.

Recommendations For Mambatstaff component for Mambo versions 3.1b and earlier, avoid using the mosConfig absolute path parameter in the affected endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the mambatstaff.php file to minimize the risk of exploitation.