Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10857
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html