CVE-2014-1214
HIGH
ProJoom Smart Flash Header < 3.0.2 - Unauthenticated Arbitrary File Upload via Crafted Dest and Filename Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-1214. PoCs published by Yuri Kramarz.
AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in the ProJoom NovaSFH plugin for Joomla! by sending a crafted multipart/form-data POST request to upload a malicious PHP file. The vulnerability arises from insufficient input sanitization, allowing remote code execution.
Description
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H