PT-2019-7074 · Projoom · Projoom Smart Flash Header

Published: 2019-11-13 · Updated: 2019-11-18 · CVE-2014-1214

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: ProJoom Smart Flash Header (NovaSFH) component versions 3.0.2 and earlier for Joomla!

Description: The issue allows remote attackers to upload and execute arbitrary files. This is achieved via a crafted dest parameter and an arbitrary extension in the Filename parameter.

Recommendations: For ProJoom Smart Flash Header (NovaSFH) component versions 3.0.2 and earlier, consider disabling the upload functionality in the views/upload.php file until a patch is available. Restrict access to the dest parameter and validate the Filename parameter to prevent arbitrary file uploads.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2014-1214

Affected Products

Projoom Smart Flash Header