CVE-2008-5793

Name of the Vulnerable Software and Affected Versions Clickheat - Heatmap stats (com clickheat) component version 1.0.1 for Joomla!

Description The issue allows remote attackers to execute arbitrary PHP code via specific parameters in various PHP files. This is achieved by providing a URL in the GLOBALS[mosConfig absolute path] parameter to files such as install.clickheat.php, Cache.php, Clickheat Heatmap.php, and GlobalVariables.php, and the mosConfig absolute path parameter to files like main.php, main.php, and main.php in the includes/overview directory.

Recommendations For Clickheat - Heatmap stats (com clickheat) component version 1.0.1, consider disabling the install.clickheat.php, Cache.php, Clickheat Heatmap.php, GlobalVariables.php, main.php, and main.php files until a patch is available to prevent remote attackers from executing arbitrary PHP code. Restrict access to the includes/heatmap and includes/overview directories to minimize the risk of exploitation. Avoid using the mosConfig absolute path and GLOBALS[mosConfig absolute path] parameters in the affected files until the issue is resolved.