3 matches found
WordPress Sexy Contact Form (<= 0.9.7) - Arbitrary File Upload
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form formerly Sexy Contact Form before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-8739. Reason: This candidate is a duplicate of CVE-2014-8739. Notes: All CVE users should reference CVE-2014-8739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2014-8739
CVE-2014-8739 : Unrestricted file upload in the jQuery File Upload Plugin 6.4.4, used by Creative Solutions Sexy Contact Form (WordPress <= 1.0.0, Joomla! <= 2.0.1), allows remote attackers to upload a PHP file via UploadHandler.php and execute code by requesting the file in the installed f...