Joomla! Akeeba Backup Component Information Disclosure and Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA44217

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/44217/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=44217

RELEASE DATE:
2011-04-19

DESCRIPTION:
A weakness and a vulnerability have been reported in the Akeeba
Backup component for Joomla!, which can be exploited by malicious
people to disclose certain system information and cause a DoS (Denial
of Service).

1) An unspecified error can be exploited to disclose the folder
structure of a vulnerable system. No further information is currently
available.

2) An unspecified error can be exploited to exhaust disk space of a
vulnerable system and cause a crash. No further information is
currently available.

The vulnerabilities are reported in versions prior to 3.2.7.

SOLUTION:
Update to version 3.2.7.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Jeff Channel.

ORIGINAL ADVISORY:
Akeeba Backup Release Note:
https://www.akeebabackup.com/home/item/1091-akeeba-backup-3-2-7.html