CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative...
Basic Information
- CVE State: PUBLISHED
- Reserved Date: November 13, 2014
- Published Date: February 08, 2020
- Last Updated: August 06, 2024
- Vendor: Creative Solutions
- Product: Creative Contact Form
- Description: Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
- Tags: wordpress, joomla, php
- Exploited in the Wild: Yes (2020-02-08 17:21:54 UTC)
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit Status
References
https://www.exploit-db.com/exploits/35057/
https://www.exploit-db.com/exploits/36811/
http://www.openwall.com/lists/oss-security/2014/11/11/4
http://www.openwall.com/lists/oss-security/2014/11/11/5
http://www.openwall.com/lists/oss-security/2014/11/13/3
https://wordpress.org/plugins/sexy-contact-form/changelog/
http://osvdb.org/show/osvdb/113669
http://osvdb.org/show/osvdb/113673
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2020-02-08 17:21:54 UTC |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel