27 May 2008, 14:13
Security update for Mambo
The developers of the content management system Mambo have released version 4.6.4, which fixes three security flaws. According to their security advisory, manipulated articleid and mcname parameters could be used to transmit arbitrary commands to the underlying database. For the attack to succeed the magic_quotes_gpc PHP option has to be disabled.
In addition, the developers have closed a CRLF injection hole (carriage return, line feed) that allows attackers to manipulate HTTP headers sent to users. Finally, a cross-site scripting hole has been closed in the software's MOStlyCE editor. The developers recommend that users install the new Mambo version as soon as possible.
See also:
- Please upgrade your sites to Mambo 4.6.4, press release from the developers of Mambo
(mba)
Print Version | Send by email
| Permalink: http://h-online.com/-735307
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
