Sites running popular open-source CMS Mambo are vulnerable to a new bot can allow remote hijacking of a Mambo-driven site. Mambo has issued a security patch after reports of site defacements. Evidently the vulnerability allows users to upload and then execute code. The Joomla! fork from Mambo seems to have addressed the exploit in a general security patch issued a couple of weeks ago. Two thoughts: first, large open-source communities can address exploits quickly, but also, using a CMS to deliver your content and manage external collaboration will compound your vulnerabilities.