Yesterday evening a large security hole was discovered in Mambo. Abusing global variables a possible attacker can get admin access to your website and to your database. The hole is present in all versions of Mambo, the old 4.5 version and the actual version 4.5.1.

Therefore updating is highly recommended. Again this is a major security hole. To do so the development team has released two patch files for both versions. Download the according file from our filebase, unpack it and upload the it to your Mambo root directory. Only one file has to be changed, which is /includes/mambo.php for Mambo 4.5.1 and /classes/mambo.php for the old version.

If you have any questions about the hole or need assistance while updating please use our Security forum over at Mambers.com:

• Security Forum @ Mambers.com