views/upload.php in the ProJoom Smart Flash Header ...
High severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Apr 3, 2024
Description
Published by the National Vulnerability Database
Nov 13, 2019
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Apr 3, 2024
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.
References