CVE-2014-8739

Name of the Vulnerable Software and Affected Versions jQuery File Upload Plugin version 6.4.4 Creative Solutions Creative Contact Form versions prior to 1.0.0 for WordPress Creative Solutions Creative Contact Form versions prior to 2.0.1 for Joomla!

Description The issue allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/. This has been exploited in the wild in October 2014.

Recommendations For jQuery File Upload Plugin version 6.4.4, update to a version that fixes the unrestricted file upload vulnerability. For Creative Solutions Creative Contact Form before 1.0.0 for WordPress, update to version 1.0.0 or later. For Creative Solutions Creative Contact Form before 2.0.1 for Joomla!, update to version 2.0.1 or later. As a temporary workaround, consider restricting access to the files/ directory to minimize the risk of exploitation.