CVE-2014-8739

Published: 08/02/2020 Updated: 12/02/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) prior to 1.0.0 for WordPress and prior to 2.0.1 for Joomla!, allows remote malicious users to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.

Vulnerable Product

creative-solutions creative contact form

jquery file upload project jquery file upload 6.4.4

Exploits

#!/usr/bin/python
#
# Exploit Name: Wordpress and Joomla Creative Contact Form Shell Upload Vulnerability
# Wordpress plugin version: <= 097
# Joomla extension version: <= 200
#
# Vulnerability discovered by Gianni Angelozzi
#
# Exploit written by Claudio Viviani
#
# Dork google wordpress: inurl:inurl:sexy-co ...

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::HTTP::Wordpress
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(inf ...

Github Repositories

An article about jQuery file upload to RCE

jQuery-vulnrability: jQuery-File-Upload is a plugin for the jQuery library that allows you to upload files to the server and receive the results. This plugin has various features, including uploading multiple files at the same time, previewing images before uploading, canceling uploads, and supporting drag and drop fi