CVE-2007-1699

Name of the Vulnerable Software and Affected Versions: SWmenu component for Mambo and Joomla! version 4.0

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter to ImageManager/Classes/ImageManager.php under the components or administrator/components directory trees. This can be achieved by exploiting the remote file inclusion vulnerability in the SWmenu component.

Recommendations: For SWmenu component version 4.0, consider disabling access to the ImageManager/Classes/ImageManager.php file until a patch is available. Restrict the use of the mosConfig absolute path parameter to minimize the risk of exploitation.