Security update for Mambo
The developers of the content management system Mambo have released version 4.6.4, which fixes three security flaws. According to their security advisory, manipulated mcname parameters could be used to transmit arbitrary commands to the underlying database. For the attack to succeed, the magic_quotes_gpc PHP option has to be disabled.
In addition, the developers have closed a CRLF injection hole (carriage return, line feed) that allows attackers to manipulate HTTP headers sent to users. Finally, a cross-site scripting hole has been closed in the software's MOStlyCE editor. The developers recommend that users install the new Mambo version as soon as possible.
- Please upgrade your sites to Mambo 4.6.4, press release from the developers of Mambo