When viewing the CiviCRM "Mailing" report, a logged-in user could modify the URL to access the report for another mailing -- even if
they ordinarily would not have access that information.
- 4.7.20 and earlier
- 4.6.28 and earlier
Upgrade to the latest version of CiviCRM
If you cannot upgrade your should apply the following patch
Dave Jenkins of Circle interactive for reporting the issue and fixing it