views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and previous versions for Joomla! allows remote malicious users to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
projoom smart flash header |