返回 CVE 浏览器

CVE-2014-8739

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0020%

EPSS Percentile27.79th

Published2020年2月8日

Last Modified2024年11月21日

Vulnerability Description

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.

Affected Platforms (CPE)

📦

Creative Solutions

Creative Contact Form

< 1.0.0

📦

Creative Solutions

Creative Contact Form

< 2.0.1

📦

Jquery File Upload Project

Jquery File Upload

= 6.4.4

References & Advisories

🔗 http://osvdb.org/show/osvdb/113669

🔗 http://osvdb.org/show/osvdb/113673

🔗 http://www.openwall.com/lists/oss-security/2014/11/11/4

🔗 http://www.openwall.com/lists/oss-security/2014/11/11/5

🔗 http://www.openwall.com/lists/oss-security/2014/11/13/3

🔗 https://wordpress.org/plugins/sexy-contact-form/changelog/

🔗 https://www.exploit-db.com/exploits/35057/

🔗 https://www.exploit-db.com/exploits/36811/

相关漏洞威胁

CVE-2020-93645.3

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A direct...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...