The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mambo_open_source | Mambo | 4.6.1 (including) | 4.6.1 (including) |