Is CVE-2014-8739 actively exploited?

CVE-2014-8739 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2014-8739?

CVE-2014-8739 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2014-8739?

Patch guidance is available from creative-solutions security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2014-8739.

Fix CVE-2014-8739 - CRITICAL

Q: Which products are affected by CVE-2014-8739?

3 products: creative-solutions creative contact form, creative-solutions creative contact form, jquery file upload project jquery file upload.

Description

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-434 · Unrestricted File Upload

Metadata

Primary Vendor: CREATIVE-SOLUTIONS
Published: 2/8/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

creative-solutions : creative_contact_formcreative-solutions : creative_contact_formjquery_file_upload_project : jquery_file_upload

Remediation Guidance

Executive Summary

View on NIST NVD