TROYANOSYVIRUS
Volver a CVEs

CVE-2014-8739

CRITICAL
9.8

Descripcion

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/8/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

creative-solutions:creative_contact_formjquery_file_upload_project:jquery_file_upload

Debilidades (CWE)

CWE-434

Referencias

http://osvdb.org/show/osvdb/113669(cve@mitre.org)
http://osvdb.org/show/osvdb/113673(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2014/11/11/4(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2014/11/11/5(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2014/11/13/3(cve@mitre.org)
https://wordpress.org/plugins/sexy-contact-form/changelog/(cve@mitre.org)
https://www.exploit-db.com/exploits/35057/(cve@mitre.org)
https://www.exploit-db.com/exploits/36811/(cve@mitre.org)
http://osvdb.org/show/osvdb/113669(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/show/osvdb/113673(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/11/11/4(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/11/11/5(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/11/13/3(af854a3a-2127-422b-91ae-364da2661108)
https://wordpress.org/plugins/sexy-contact-form/changelog/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/35057/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36811/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.