WordPress and Joomla Creative Contact Form EXPLOIT

Today i found that a JOOMLA client was hacked with this exploit, and COMOD didn’t stop it.

“WordPress and Joomla Creative Contact Form Unauthenticated Shell Upload Vulnerability”

The attack use normally this:
41.140.137.47 - - [02/Mar/2015:13:02:06 +0000] "GET /components/com_creativecontactform/fileupload/

We will check this issue

Will be fixed in next release.