Joomla Event Booking Extension 'com_eventbooking' Arbitrary File Download Vulnerability

Joomla Event Booking Extension is prone to an arbitrary file-download vulnerability.
An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.
Event Booking Extension version 3.8.3 and prior are vulnerable.

Information

Bugtraq ID: 106042
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Nov 29 2018 12:00AM
Updated: Nov 29 2018 12:00AM
Credit: KingSkrupellos from Cyberizm Digital Security Army
Vulnerable: Joomla Event Booking 3.8.3

Not Vulnerable:

Exploit

Attackers can exploit this issue using browser or readily available tools.

References:

• Joomla Event Booking Extension Home Page ()
  
• Joomla Home Page ()
  

Source: www.securityfocus.com