Mambo · Mambo Gallery Manager · CVE-2006-3980
**Name of the Vulnerable Software and Affected Versions**
Mambo Gallery Manager (MGM) versions 0.95r2 and earlier
**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the administrator/components/com mgm/help.mgm.php file.
**Recommendations**
For Mambo Gallery Manager (MGM) versions 0.95r2 and earlier, avoid using the `mosConfig absolute path` parameter in the affected API endpoint until the issue is resolved.