2 matches found
CVE-2014-8739
CVE-2014-8739 : Unrestricted file upload in the jQuery File Upload Plugin 6.4.4, used by Creative Solutions Sexy Contact Form (WordPress <= 1.0.0, Joomla! <= 2.0.1), allows remote attackers to upload a PHP file via UploadHandler.php and execute code by requesting the file in the installed f...
CVE-2020-9364
CVE-2020-9364 affects Creative Contact Form for Joomla (versions 4.6.2 and earlier). A directory traversal flaw exists in the helpers/mailer.php file, in the filename field for uploaded attachments processed via the creativecontactform_upload parameter. An attacker could abuse the "Send me a copy...