Some vulnerabilities have been reported in Mambo, which can be exploited by malicious people to bypass certain security restrictions.

1) A vulnerability is caused due to insufficient privilege checks in includes/pdf.php. No further information is currently available.

2) A vulnerability is caused due to insufficient privilege checks in MOStlyDB Admin. Successful exploitation requires valid administrator credentials. No further information is currently available.

The vulnerabilities are reported in version 4.6.1. Prior versions may also be affected.

Solution: Update to version 4.6.2.
setting status and acc'ing herd. web-apps, please advise.
mambo-4.6.2 has been added to the tree.
thanks Gunnar. updating CVE ids: CVE-2006-7202 CVE-2007-2557 and closing without glsa. feel free to reopen if you disagree.