CVE-2014-1214
The CVE affects Projoom’s NovaSFH (Smart Flash Header) Joomla! plugin, specifically the views/upload.php upload handler in version 3.0.2 and earlier. The root cause is lack of validation in the file upload path, allowing a crafted dest parameter and a Filename extension to upload and execute arbi...