It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups from a target website using the extension’s JSON API. As promised, here are the technical details describing how it was possible for us to send valid requests to the API and download our test website’s database and file backups.
More here: http://blog.sucuri.net/2014/10/the-details-behind-the-akeeba-backup-vulnerability.html