Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-7228Joomla ! vulnerability

CWE-3105 documents5 sources
Severity
7.5HIGHNVD
EPSS
6.1%
top 9.23%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Joomla !
Timeline
PublishedNov 3
Latest updateMay 17

Description

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDjoomla/joomla_!45 versions+44

🔴Vulnerability Details

2
GHSA
GHSA-99g7-532h-x95c: Akeeba Restore (restore2022-05-17
CVEList
CVE-2014-7228: Akeeba Restore (restore2014-11-03

💥Exploits & PoCs

2
Exploit-DB
Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution (Metasploit)2014-10-21
Metasploit
Joomla Akeeba Kickstart Unserialize Remote Code Execution
CVE-2014-7228 — Joomla ! vulnerability | cvebase