The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Mambo_open_source |
Mambo |
4.6.1 |
4.6.1 |
References