Description

Sucuri reported a vulnerability in Akeeba Backup for Joomla! that could allow an attacker to list and download backups created with the Akeeba extension. This vulnerability is present on Joomla websites running Akeeba that have the "Enable front-end and remote backup" option activated.

Remediation

Upgrade to the latest version of Akeeba Backup for Joomla!.

References

Security Advisory - Akeeba Backup for Joomla!

The Details Behind the Akeeba Backup Vulnerability

Related Vulnerabilities

WordPress Plugin Booked-Appointment Booking for WordPress Security Bypass (2.2.5)

Joomla! Core 3.3.x Security Bypass (3.3.0 - 3.3.3)

WordPress Plugin WP FullCalendar Security Bypass (1.4.1)

Joomla! Core 1.0.5 Security Bypass (1.0.5)

WordPress Plugin WP Mobile Menu-The Mobile-Friendly Responsive Menu Security Bypass (2.7.2)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass