Name of the Vulnerable Software and Affected Versions:

ANJEL (formerly MaMML) Component (com anjel) for Mambo (affected versions not specified)

Description:

A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter. This issue has been disputed by a third party, who claims that `$mosConfig absolute path` is set in a configuration file.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.