SECUNIA ADVISORY ID:
Customer Area (Credentials Required)
A vulnerability has been discovered in Frontend-User-Access component
for Joomla!, which can be exploited by malicious people to disclose
potentially sensitive information.
Input passed via the "controller" parameter to index.php (when
"option" is set to "com_frontenduseraccess") is not properly verified
before being used. This can be exploited to include arbitrary files
from local resources via directory traversal sequences and
URL-encoded NULL bytes.
The vulnerability is confirmed in version 3.4.1 (free version). Other
versions may also be affected.
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
wishnusakti + inc0mp13te