Security Advisory – Akeeba Backup for Joomla!

Advisory for: Akeeba for Joomla!
Security Risk: Low
Exploitation level: Difficult/Remote
Vulnerability: Access control bypass

If you use the very popular “Akeeba Backup for Joomla!” extension (over 8m downloads), you need to update it right away! During a routine audit for our WAF, we found a vulnerability that could allow an attacker to list and download backups created with the Akeeba extension. With a copy of the backups, an attacker can find your database passwords (stored in configuration.php) and the user list, along with the users' hashed passwords and hashed password-reset tokens.

We rate the risk of this vulnerability as “low” because of the complexity of the exploit.
