oss-sec mailing list archives
CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload
From: Henri Salo <henri () nerv fi>
Date: Tue, 11 Nov 2014 20:02:00 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can I get 2014 CVE ID for unrestricted file upload vulnerability in Sexy Contact Form, thanks. This is currently exploited in the wild. Plugin has later changed name to Creative Contact Form: http://extensions.joomla.org/extensions/contacts-and-feedback/contact-forms/23646 https://wordpress.org/plugins/sexy-contact-form/ Affected: - - Joomla component com_sexycontactform 2.0.0 and below in "components/com_sexycontactform/fileupload/UploadHandler.php". Version 2.0.1 contains fix. - - WordPress plugin "includes/fileupload/UploadHandler.php" r780722 / 0.9.7 and below. Changelog says that version 1.0.0 27/10/2014 contains the fix. Fix is empty file so possibly removing the feature completely. There is also a proprietary version of this plugin available, but the codebase is nearly the same as far as I can tell. UploadHandler.php is "jQuery File Upload Plugin PHP Class 6.4.4" in both plugins. I have submitted all malicious uploaded files to several AV vendors. - From log files I'm able to tell that these are automated attacks. Attacker tried to exploit several Linux local exploit, sent emails and executed DoS attacks. I have also reported affected installations via email to abuse@ addresses and CERT. I can investigate more if you have questions. - --- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlRiTxgACgkQXf6hBi6kbk/v+ACgxc/fCjN8mAGhTFWsnVKbHggo 4GoAn1jWlJmXxHP/J47sSTsmB7uPK526 =sUX3 -----END PGP SIGNATURE-----
Current thread:
- CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload Henri Salo (Nov 11)