2014-06-09 19:00:00
mitre
PUBLISHED
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.