Investigations by GulfTech Research And Development have revealed a long standing weakness in Mambo that could allow a hacker to compromise sites built on Mambo. The firms findings will be published in about a week's time.

The Mambo development team has created fixes for versions 4.5.3 and 4.5.3h. The new patch files can be found at MamboXchange

The patch packages are delivered in both ZIP and TAR.GZ formats - select whichever is right for you. Each package contains two files - content.php and mambo.php. These should replace the corresponding files in your existing installation, as follows:
(1) The first file (content.php) should be used to overwrite this file:
/components/com_content/content.php.

(2) The second file (mambo.php) should be used to overwrite this file:
/includes/mambo.php.

If you are running an earlier version of Mambo than 4.5.3 we recommend that you consider upgrading.

If you should need assistance or simply wish to discuss Mambo issues with others, please visit the Forums: http://forum.mamboserver.com