Security Patch for All Mambo 4.5.x Versions

Written by Team Mambo  

Tuesday, 22 November 2005

There has been a spate of attacks on Mambo sites in the last few days. These have been serious, in that they involved running arbitrary PHP code on the attacked site. This means that the security of information may have been compromised, and backdoor code may have been installed. Anyone who has been attacked should take great care to ensure that their site has been thoroughly restored to a safe condition. If advice is needed, please post in the Mambo forums.

The development team has devised a fix for the exploits, which needs to be installed in the various index.php files (two in the Mambo root, and three in the administrator directory). The code for the fix is published in the Mambo forums and can be applied to ANY version of Mambo, or to other PHP software for that matter.

Alternatively, patched index files can be downloaded from Mamboforge in a file called Mambo 4523.security_fix.zip. The zip file includes a short read_me.txt file with instructions on installation. Again, if there are any queries, please ask in the forums.