Date: Tue, 11 Nov 2014 20:02:00 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload

Can I get a 2014 CVE ID for an unrestricted file upload vulnerability in Sexy Contact Form, thanks. This is currently exploited in the wild. The plugin has later changed its name to Creative Contact Form:

http://extensions.joomla.org/extensions/contacts-and-feedback/contact-forms/23646
https://wordpress.org/plugins/sexy-contact-form/

Affected:

- Joomla component com_sexycontactform 2.0.0 and below in "components/com_sexycontactform/fileupload/UploadHandler.php". Version 2.0.1 contains the fix.
- WordPress plugin "includes/fileupload/UploadHandler.php" r780722 / 0.9.7 and below. The changelog says that version 1.0.0 (27/10/2014) contains the fix. The fix is an empty file, so possibly the feature was removed completely.

There is also a proprietary version of this plugin available, but the codebase is nearly the same as far as I can tell. UploadHandler.php is "jQuery File Upload Plugin PHP Class 6.4.4" in both plugins. I have submitted all malicious uploaded files to several AV vendors.

From log files I'm able to tell that these are automated attacks. The attacker tried to exploit several Linux local exploits, sent emails and executed DoS attacks. I have also reported affected installations via email to abuse@ addresses and CERT. I can investigate more if you have questions.

--
Henri Salo
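For defenders triaging web server logs for the activity described in the report, the following is an added example (not part of the original post, and not code from either plugin): it parses combined-format access log lines, flags POSTs to the two affected UploadHandler.php paths and subsequent fetches of executable files from the handler's upload area, and lists hosts that did both. The WordPress path assumes the default wp-content/plugins location, the `files/` upload subdirectory and the sample log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Handler paths from the report; the WordPress prefix assumes the default plugin directory.
HANDLER_PATHS = (
    "/components/com_sexycontactform/fileupload/UploadHandler.php",
    "/wp-content/plugins/sexy-contact-form/includes/fileupload/UploadHandler.php",
)
# Names the web server may execute if served from the upload area; a trailing
# "\." also catches double-extension names such as x.php.jpg.
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Nov/2014:18:01:02 +0200] "POST /components/com_sexycontactform/fileupload/UploadHandler.php HTTP/1.1" 200 187 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Nov/2014:18:01:03 +0200] "GET /components/com_sexycontactform/fileupload/files/x.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [11/Nov/2014:18:02:10 +0200] "GET /index.php?option=com_sexycontactform HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Nov/2014:18:03:00 +0200] "GET /components/com_sexycontactform/fileupload/files/photo.jpg HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def scan(lines):
    """Return findings as (ip, kind, path) tuples."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue  # unparseable line: skip rather than crash the sweep
        path = rec["path"].split("?", 1)[0]  # drop the query string
        if rec["method"] == "POST" and path.endswith(HANDLER_PATHS):
            findings.append((rec["ip"], "upload_attempt", path))
        elif "/fileupload/" in path and EXEC_EXT.search(path):
            findings.append((rec["ip"], "executable_fetch", path))
    return findings

def suspect_hosts(findings):
    """Hosts that both hit the handler and fetched an executable from the upload area."""
    kinds = defaultdict(set)
    for ip, kind, _ in findings:
        kinds[ip].add(kind)
    return sorted(ip for ip, k in kinds.items() if {"upload_attempt", "executable_fetch"} <= k)

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    print(hits, suspect_hosts(hits))
```

A POST to the handler alone is not proof of compromise (legitimate form submissions hit the same path), which is why the host list requires the follow-up fetch of an executable.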