Str0Kestr0Ke

Name of the Vulnerable Software and Affected Versions: Joomla! component swMenuFree (com swmenufree) version 4.6 Description: A remote file inclusion issue in the preview.php file of the swMenuFree component allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter. However, it's noted that a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests. Recommendations: For version 4.6 of the swMenuFree component, consider restricting access to the `preview.php` file to minimize the risk of exploitation. Additionally, avoid using the `mosConfig absolute path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.