Joomla Event Booking Extension 'com_eventbooking' Arbitrary File Download Vulnerability

Joomla Event Booking Extension is prone to an arbitrary file-download vulnerability.
An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.
Event Booking Extension version 3.8.3 and prior are vulnerable.


Bugtraq ID: 106042
Class: Design Error
Remote: Yes
Local: No
Published: Nov 29 2018 12:00AM
Updated: Nov 29 2018 12:00AM
Credit: KingSkrupellos from Cyberizm Digital Security Army
Vulnerable: Joomla Event Booking 3.8.3

Not Vulnerable:


Attackers can exploit this issue using browser or readily available tools.

Related Posts