A new version of Mambo closes security holes
The developers of the Mambo content management system have released version 4.6.3, which closes four security holes. Secunia have published a security advisory categorising three of them as critical. For instance, one of the vulnerabilities allows arbitrary script and HTML code to be injected into a website (cross-site scripting).
Another flaw remedied in the new version is found in PHPMailer, which is normally integrated in Mambo for e-mails. This problem is anything but new; indeed, it was detected and corrected in connection with Wordpress at the end of June.
At the end of their announcement of the new version, the developers of Mambo downplay the risk that these security vulnerabilities pose, but nonetheless recommend that users of Mambo 4.6.x install the latest version, which not only remedies a number of other flaws, but also provides a few improvements and reportedly increases performance. The developers say that Mambo 4.5.5 is not affected by the problems. It is not clear whether Joomla, a spin off from Mambo, also contains similar vulnerabilities.