
Dr.Jr7

#18767 of 53,630
14.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2006-4793
6.8
2006-08-01
Mambo · Mambatstaff · CVE-2006-3947
**Name of the Vulnerable Software and Affected Versions**

Mambatstaff component for Mambo versions 3.1b and earlier

**Description**

The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig_absolute_path` parameter in the Mambatstaff component. This can be exploited by sending a malicious URL to the `/components/com_mambatstaff/mambatstaff.php` endpoint.

**Recommendations**

For Mambatstaff component for Mambo versions 3.1b and earlier, avoid using the `mosConfig_absolute_path` parameter in the affected endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `mambatstaff.php` file to minimize the risk of exploitation.
PT-2006-4776
7.5
2006-07-31
Mambo · A6Mambohelpdesk · CVE-2006-3930
**Name of the Vulnerable Software and Affected Versions**

a6mambohelpdesk Mambo Component versions 18RC1 and earlier

**Description**

The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig_live_site` parameter in the `admin.a6mambohelpdesk.php` file.

**Recommendations**

For versions 18RC1 and earlier, consider restricting access to the `admin.a6mambohelpdesk.php` file until a patch is available. Avoid using the `mosConfig_live_site` parameter in the affected file to minimize the risk of exploitation.