Joomla! Appointment Booking Pro Component "view" Local File Inclusion

SECUNIA ADVISORY ID:
SA45324

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/45324/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=45324

RELEASE DATE:
2011-07-27

DESCRIPTION:
Don Tukulesto has reported a vulnerability in the Appointment Booking
Pro component for Joomla!, which can be exploited by malicious people
to disclose sensitive information.

Input passed via the "view" parameter to index.php (when "option" is
set to "com_rsappt_pro2") is not properly verified before being used
to include files. This can be exploited to include arbitrary files
from local resources via directory traversal attacks and URL-encoded
NULL bytes.
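The two halves of the description above, the mitigation (only ever include a file chosen from a fixed table, never a path built from the "view" value) and the detection (finding requests against option=com_rsappt_pro2 whose "view" carries traversal sequences or an encoded NULL byte), as an added Python example. It is not code from the advisory, from Secunia, or from the Appointment Booking Pro component itself, which is PHP; the view names, the file names in ALLOWED_VIEWS, the client address and all log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical allowlist: the only mapping from a user-supplied "view" value to a
# file that should ever exist. The request never contributes path characters.
ALLOWED_VIEWS = {
    "default": "default.php",
    "booking": "booking.php",
}


def resolve_view(view: str):
    """Mitigation pattern: look the view up in the fixed table, or return None.

    No path concatenation, so "../", "/" and NUL bytes can never reach the
    include call; an unknown view is simply refused."""
    return ALLOWED_VIEWS.get(view)


def view_findings(view: str):
    """Triage helper: reasons a 'view' value would be rejected (empty list = safe).

    The caller passes a value that has already been URL-decoded once (parse_qs
    does that); decoding a second time here also exposes double-encoded input."""
    decoded = unquote(view)
    reasons = []
    if "\x00" in decoded:
        reasons.append("null_byte")
    if ".." in decoded or "/" in decoded or "\\" in decoded:
        reasons.append("traversal")
    if not reasons and resolve_view(decoded) is None:
        reasons.append("unknown_view")
    return reasons


# Request line inside a Combined Log Format entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_access_log(lines, option="com_rsappt_pro2"):
    """Detection: return one record per request to the affected component whose
    'view' parameter would be rejected by view_findings()."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        params = parse_qs(query, keep_blank_values=True)
        # Scope to the affected component; drop this filter for a wider hunt.
        if params.get("option", [""])[0] != option:
            continue
        for view in params.get("view", []):
            reasons = view_findings(view)
            if reasons:
                hits.append({
                    "client": line.split(" ", 1)[0],
                    "view": view,
                    "reasons": reasons,
                })
    return hits


# Constructed sample log lines (not real traffic): one benign request, three
# variants of the pattern the advisory describes, and one request to a
# different component that the scoped scan ignores.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Jul/2011:10:00:00 +0000] "GET /index.php?option=com_rsappt_pro2&view=booking HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Jul/2011:10:00:01 +0000] "GET /index.php?option=com_rsappt_pro2&view=../../../../constructed/local/file%00 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Jul/2011:10:00:02 +0000] "GET /index.php?option=com_rsappt_pro2&view=%2e%2e%2fconstructed%00 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Jul/2011:10:00:03 +0000] "GET /index.php?option=com_content&view=../../constructed HTTP/1.1" 404 200 "-" "Mozilla/5.0"
203.0.113.5 - - [27/Jul/2011:10:00:04 +0000] "GET /index.php?option=com_rsappt_pro2&view=..%252f..%252fconstructed HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print(hit["client"], repr(hit["view"]), ",".join(hit["reasons"]))
```

The scan is scoped to the vulnerable component so that a large log produces a short list; the same "view" check applies unchanged to any other Joomla component that includes files by view name. On the mitigation side, resolve_view() is the shape of fix to look for when reviewing a component: the request selects a table key, and only the table supplies a file name.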

SOLUTION:
The vulnerability is fixed in version 2.0.1 RC3.

PROVIDED AND/OR DISCOVERED BY:
Don Tukulesto

ORIGINAL ADVISORY:
Appointment Booking Pro:
http://appointmentbookingpro.com/index.php?option=com_kunena&Itemid=66&func=view&catid=25&id=8129#8129

Don Tukulesto:
http://blog.indonesiancoder.com/appointment-booking-pro-joomla-component-vulnerable