CVE-2014-1214
published 2019-11-13CVE-2014-1214: views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary…
PriorityP266high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
4.32%
90.0th percentile
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| projoom | smart_flash_header | <= 3.0.2 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect POST requests to the vulnerable upload endpoint with the 'action=upload' parameter and a base64-encoded 'dest' parameter, indicating an attempt to specify an arbitrary upload destination directory. ↗
- →Alert on multipart/form-data POST requests to upload.php where the 'Filename' field contains a .php extension, indicating attempted webshell/backdoor upload. ↗
- →Monitor for file creation of .php files within web-accessible directories originating from the com_novasfh component upload handler, as the dest parameter can be base64-decoded to an arbitrary server path (e.g. L3Zhci93d3cvaHRtbA== decodes to /var/www/html). ↗
- →Flag access to the Joomla administrator uploader interface via the referer path option=com_novasfh&c=uploader, which is the entry point used to stage the exploit. ↗
- ·The 'dest' parameter is base64-encoded, allowing an attacker to specify any writable server path as the upload destination. Detection rules must account for base64-encoded path traversal values, not just plaintext paths. ↗
- ·The vulnerability exists in views/upload.php and does not require authentication beyond Joomla administrator access; the exploit targets the /administrator/ path, so detections should cover authenticated admin-side abuse, not just unauthenticated requests. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://exchange.xforce.ibmcloud.com/vulnerabilities/91020https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/https://exchange.xforce.ibmcloud.com/vulnerabilities/91020https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1214/
2019-11-13
Published