CVE-2014-7228

🗓️ 03 Nov 2014 22:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 107 Views🌐 WEB

Akeeba Restore does not delete parameters from $_GET and $_POST when cleansing $_REQUEST, allowing remote attackers to bypass encryption and execute arbitrary code

Reporter	Title	Published	Views	Family All 14
0day.today	Joomla Akeeba Kickstart Unserialize Remote Code Execution Exploit	21 Oct 201400:00	–	zdt
FreeBSD	Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities	30 Sep 201400:00	–	freebsd
Circl	CVE-2014-7228	21 Oct 201400:00	–	circl
Cvelist	CVE-2014-7228	3 Nov 201422:00	–	cvelist
Exploit DB	Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution (Metasploit)	21 Oct 201400:00	–	exploitdb
EUVD	EUVD-2014-7100	7 Oct 202500:30	–	euvd
Tenable Nessus	FreeBSD : Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities (cec4d01a-7ac5-11e5-b35a-002590263bf5)	26 Oct 201500:00	–	nessus
Tenable Nessus	Joomla! 2.5.x < 2.5.26 / 3.x < 3.2.6 / 3.3.x < 3.3.5 Multiple Vulnerabilities	8 Oct 201400:00	–	nessus
Joomla! Vulnerable Extensions List	[20140903] - Core - Remote File Inclusion	24 Sep 201400:00	–	joomla
Metasploit	Joomla Akeeba Kickstart Unserialize Remote Code Execution	20 Oct 201418:31	–	metasploit

NVD

Node

joomla joomla!Match2.5.4

joomla joomla!Match2.5.5

joomla joomla!Match2.5.6

joomla joomla!Match2.5.7

joomla joomla!Match2.5.8

joomla joomla!Match2.5.9

joomla joomla!Match2.5.10

joomla joomla!Match2.5.11

joomla joomla!Match2.5.12

joomla joomla!Match2.5.13

joomla joomla!Match2.5.14

joomla joomla!Match2.5.15

joomla joomla!Match2.5.16

joomla joomla!Match2.5.17

joomla joomla!Match2.5.18

joomla joomla!Match2.5.19

joomla joomla!Match2.5.20

joomla joomla!Match2.5.21

joomla joomla!Match2.5.22

joomla joomla!Match2.5.23

joomla joomla!Match2.5.24

joomla joomla!Match2.5.25

joomla joomla!Match3.0.0

joomla joomla!Match3.0.1

joomla joomla!Match3.0.2

joomla joomla!Match3.0.3

joomla joomla!Match3.0.4

joomla joomla!Match3.1.0

joomla joomla!Match3.1.1

joomla joomla!Match3.1.2

joomla joomla!Match3.1.3

joomla joomla!Match3.1.4

joomla joomla!Match3.1.5

joomla joomla!Match3.1.6

joomla joomla!Match3.2.0

joomla joomla!Match3.2.1

joomla joomla!Match3.2.2

joomla joomla!Match3.2.3

joomla joomla!Match3.2.4

joomla joomla!Match3.2.5

joomla joomla!Match3.3.0

joomla joomla!Match3.3.1

joomla joomla!Match3.3.2

joomla joomla!Match3.3.3

joomla joomla!Match3.3.4

Source	Link
akeebabackup	www.akeebabackup.com/home/news/1605-security-update-sep-2014.html
websec	www.websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/
developer	www.developer.joomla.org/security/595-20140903-core-remote-file-inclusion.html

Parameter	Position	Path	Description	CWE
task	query param	/joomla/administrator/components/com_joomlaupdate/restoration.php	Remote code execution during the restore step via crafted GET parameters in restoration.php	CWE-310
factory	query param	/joomla/administrator/components/com_joomlaupdate/restoration.php	Remote code execution during the restore step via crafted GET parameters in restoration.php	CWE-310
task	query param	/joomla/administrator/components/com_joomlaupdate/restore.php	Remote code execution during the restore step via crafted GET parameters in restore.php	CWE-310
factory	query param	/joomla/administrator/components/com_joomlaupdate/restore.php	Remote code execution during the restore step via crafted GET parameters in restore.php	CWE-310

17 Jun 2026 00:14Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

EPSS0.55126

CWE-310