How severe is CVE-2014-7228?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2014-7228?

This is classified as CWE-310, which is a common weakness in software security.

CVE-2014-7228

HIGH Year: 2014

CVSS v2 Score

7.5

High

Weakness Type

CWE-310

View all →

Vulnerability Description

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.

CVE-2021-42001

CRITICAL

CVSS:9.9(Critical)

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successf...

CWE-3102021

CVE-2014-8684

CRITICAL

CVSS:9.8(Critical)

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by levera...

CWE-3102014

CVE-2014-8686

CRITICAL

CVSS:9.8(Critical)

CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

CWE-3102014

CVE-2015-8805

CRITICAL

CVSS:9.8(Critical)

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allow...

CWE-3102015

CVE-2015-9107

CRITICAL

CVSS:9.8(Critical)

Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or...

CWE-3102015

CVE-2016-0897

CRITICAL

CVSS:9.8(Critical)

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote...

CWE-3102016

CVE-2014-7228

Vulnerability Description

Related Vulnerabilities

CVE-2021-42001

CVE-2014-8684

CVE-2014-8686

CVE-2015-8805

CVE-2015-9107

CVE-2016-0897