CVE-2014-7228

🗓️ 03 Nov 2014 22:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 102 Views🌐 WEB

Akeeba Restore does not delete parameters from $_GET and $_POST when cleansing $_REQUEST, allowing remote attackers to bypass encryption and execute arbitrary code

Reporter	Title	Published	Views	Family All 14
0day.today	Joomla Akeeba Kickstart Unserialize Remote Code Execution Exploit	21 Oct 201400:00	–	zdt
FreeBSD	Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities	30 Sep 201400:00	–	freebsd
Circl	CVE-2014-7228	21 Oct 201400:00	–	circl
Cvelist	CVE-2014-7228	3 Nov 201422:00	–	cvelist
Exploit DB	Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution (Metasploit)	21 Oct 201400:00	–	exploitdb
EUVD	EUVD-2014-7100	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities (cec4d01a-7ac5-11e5-b35a-002590263bf5)	26 Oct 201500:00	–	nessus
Tenable Nessus	Joomla! 2.5.x < 2.5.26 / 3.x < 3.2.6 / 3.3.x < 3.3.5 Multiple Vulnerabilities	8 Oct 201400:00	–	nessus
Joomla! Vulnerable Extensions List	[20140903] - Core - Remote File Inclusion	24 Sep 201400:00	–	joomla
Metasploit	Joomla Akeeba Kickstart Unserialize Remote Code Execution	20 Oct 201418:31	–	metasploit

NVD

Node

joomla joomla!Match2.5.4

joomla joomla!Match2.5.5

joomla joomla!Match2.5.6

joomla joomla!Match2.5.7

joomla joomla!Match2.5.8

joomla joomla!Match2.5.9

joomla joomla!Match2.5.10

joomla joomla!Match2.5.11

joomla joomla!Match2.5.12

joomla joomla!Match2.5.13

joomla joomla!Match2.5.14

joomla joomla!Match2.5.15

joomla joomla!Match2.5.16

joomla joomla!Match2.5.17

joomla joomla!Match2.5.18

joomla joomla!Match2.5.19

joomla joomla!Match2.5.20

joomla joomla!Match2.5.21

joomla joomla!Match2.5.22

joomla joomla!Match2.5.23

joomla joomla!Match2.5.24

joomla joomla!Match2.5.25

joomla joomla!Match3.0.0

joomla joomla!Match3.0.1

joomla joomla!Match3.0.2

joomla joomla!Match3.0.3

joomla joomla!Match3.0.4

joomla joomla!Match3.1.0

joomla joomla!Match3.1.1

joomla joomla!Match3.1.2

joomla joomla!Match3.1.3

joomla joomla!Match3.1.4

joomla joomla!Match3.1.5

joomla joomla!Match3.1.6

joomla joomla!Match3.2.0

joomla joomla!Match3.2.1

joomla joomla!Match3.2.2

joomla joomla!Match3.2.3

joomla joomla!Match3.2.4

joomla joomla!Match3.2.5

joomla joomla!Match3.3.0

joomla joomla!Match3.3.1

joomla joomla!Match3.3.2

joomla joomla!Match3.3.3

joomla joomla!Match3.3.4

Source	Link
akeebabackup	www.akeebabackup.com/home/news/1605-security-update-sep-2014.html
websec	www.websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/
developer	www.developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html

Parameter	Position	Path	Description	CWE
task	query param	administrator/components/com_joomlaupdate/restoration.php	Remote code execution via crafted factory parameter during restoration step (RCE via unserialize in Akeeba component).	CWE-310
factory	query param	administrator/components/com_joomlaupdate/restoration.php	Remote code execution via crafted factory parameter during restoration step (RCE via unserialize in Akeeba component).	CWE-310
task	query param	administrator/components/com_joomlaupdate/restore.php	Remote code execution via crafted factory parameter during restore step in Akeeba component.	CWE-310
factory	query param	administrator/components/com_joomlaupdate/restore.php	Remote code execution via crafted factory parameter during restore step in Akeeba component.	CWE-310

06 May 2026 22:30Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

EPSS0.0607

CWE-310