Joomla Event Booking Extension 'com_eventbooking' Arbitrary File Download Vulnerability
BID:106042
Info
| Bugtraq ID: | 106042 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2018 12:00AM |
| Updated: | Nov 29 2018 12:00AM |
| Credit: | KingSkrupellos from Cyberizm Digital Security Army |
| Vulnerable: | Joomla Event Booking 3.8.3 |
| Not Vulnerable: | |
Discussion
Joomla Event Booking Extension is prone to an arbitrary file-download vulnerability.
An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.
Event Booking Extension versions 3.8.3 and prior are vulnerable.
Exploit / POC
Attackers can exploit this issue using a browser or readily available tools.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].