Main Vulnerability Database Exploits ID:5986 - Exploit for Arbitrary file upload in jQuery File Upload - CVE-2018-9206

ID:5986 - Exploit for Arbitrary file upload in jQuery File Upload - CVE-2018-9206

Published: June 17, 2021

Vulnerability identifier: #VU15424

Vulnerability risk: Critical

CVE-ID: CVE-2018-9206

CWE-ID: CWE-434

Exploitation vector: Remote access

Vulnerable software:
jQuery File Upload

Link to public exploit:

https://www.exploit-db.com/exploits/45584/

Vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists in the plugin's source code that handles file uploads to PHP servers due to software allows upload of arbitrary files to the system. A remote unauthenticated attacker can upload arbitrary .htaccess file to impose security restrictions to its upload folder and upload backdoors and web shells.

Note: The vulnerability has been actively exploited for at least 3 years.

Remediation

Update to version 9.22.1 or later.

ID:5986 - Exploit for Arbitrary file upload in jQuery File Upload - CVE-2018-9206

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human