Camino

**Name of the Vulnerable Software and Affected Versions** Kochsuite (com kochsuite) version 0.9.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter. This can be achieved by manipulating the API endpoint, although the specific endpoint is not mentioned. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For version 0.9.4, consider restricting access to the `config.kochsuite.php` file to minimize the risk of exploitation. Avoid using the `mosConfig absolute path` parameter in affected configurations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mambo and Joomla! component com mambowiki versions 0.9.6 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `IP` parameter. This can be achieved by manipulating the URL to include malicious PHP code, which can then be executed by the server. **Recommendations** For versions 0.9.6 and earlier, consider restricting access to the MamboWiki component until a fix is available. As a temporary workaround, avoid using the `IP` parameter in URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Remository Component (com remository) versions 3.25 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `mosConfig absolute path` parameter in the admin.remository.php file. **Recommendations** For Remository Component (com remository) versions 3.25 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the admin.remository.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `mosConfig absolute path` parameter in the affected URL until the issue is resolved.