---

Multiple Unpatched Vulnerabilities in Open Source CMS Mambo

“SecurityFocus has on Monday reported vulnerabilities in the
open source content management system Mambo, which could be
exploited by attackers to view confidential information or
compromise a system. Four flaws have been found, and as yet no fix
has been issued.

“The
mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php
script fails to correctly filter the content of the
file[NewFile][tmp_name] parameter, so that crafted arguments can be
used to delete files such as configuration.php on the
server…”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis