Linux Today: Linux News On Internet Time.

More on LinuxToday

Multiple Unpatched Vulnerabilities in Open Source CMS Mambo

Jan 30, 2008, 19:30 (0 Talkback[s])

"SecurityFocus has on Monday reported vulnerabilities in the open source content management system Mambo, which could be exploited by attackers to view confidential information or compromise a system. Four flaws have been found, and as yet no fix has been issued.

"The mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php script fails to correctly filter the content of the file[NewFile][tmp_name] parameter, so that crafted arguments can be used to delete files such as configuration.php on the server..."

Complete Story

Related Stories: