Name of the Vulnerable Software and Affected Versions:

BSQ Sitestats (bsq sitestats) versions prior to 2.1.1 for Joomla!

Description:

The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter. This can be exploited by sending a malicious URL to the vulnerable endpoint.

Recommendations:

For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mosConfig absolute path` parameter to minimize the risk of exploitation.