A hacker website recently published a report stating ABPro is vulnerable to a local file inclusion (LFI) attack.
The current 2.0.1 and 1.4.x versions are not vulnerable, but some older versions (2.0 beta to RC4, 2.0.1 beta to RC2) may be vulnerable.
Publication on hacker web sites means lots of scum bags will be trying it on every ABPro site they can find. If you are running a vulnerable version as listed above, the attack may be successful. If you are running a vulnerable version you should upgrade immediately.
It is advised you upgrade to the current release, 2.0.1 RC3.
Note: Upgrading will not stop attacks; it just ensures they will be ignored. Hopefully the low life scum out there doing the attacks will get bored and go bother someone else.
To determine what version you are currently running, you can use the Joomla Extension Manager.
To upgrade to the current release:
Log in to appointmentbookingpro.com
Download the current version
The upgrade instructions are on the download page; basically:
• Backup with ABPro Backup/Restore
• Uninstall old version
• Install new version
• Restore with ABPro Backup/Restore