“SecurityFocus has on Monday reported vulnerabilities in the
open source content management system Mambo, which could be
exploited by attackers to view confidential information or
compromise a system. Four flaws have been found, and as yet no fix
has been issued.“The
mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php
script fails to correctly filter the content of the
file[NewFile][tmp_name] parameter, so that crafted arguments can be
used to delete files such as configuration.php on the
server…”