Morgan

**Name of the Vulnerable Software and Affected Versions** joom12Pic (com joom12pic) version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig live site` parameter in the admin.joom12pic.php file. **Recommendations** For version 1.0, consider restricting access to the admin.joom12pic.php file to minimize the risk of exploitation. Avoid using the `mosConfig live site` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla Flash Fun component version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig live site` parameter in the admin.joomlaflashfun.php file. **Recommendations** For Joomla Flash Fun component version 1.0, update the component to a version that fixes this issue or restrict access to the admin.joomlaflashfun.php file to minimize the risk of exploitation. As a temporary workaround, consider avoiding the use of the `mosConfig live site` parameter in the affected file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Joomla Radio 5 (com joomlaradiov5) component for Joomla (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig live site` parameter in the admin.joomlaradiov5.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.