jQuery-File-Upload CVE-2018-9206 Arbitrary File Upload Vulnerability


  • jQuery-File-Upload is prone to an arbitrary file-upload vulnerability.
    An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
    jQuery-File-Upload versions 9.22.0 and prior are vulnerable.
    Information

    Bugtraq ID: 105679
    Class: Input Validation Error
    CVE: CVE-2018-9206
    Remote: Yes
    Local: No
    Published: Oct 09 2018 12:00AM
    Updated: Jan 29 2019 10:00AM
    Credit: Larry Cashdollar
    Vulnerable:
        Oracle Siebel Applications 18.11
        Oracle Siebel Applications 18.10
        Oracle Primavera Unifier 18.8
        Oracle Primavera Unifier 17.12
        Oracle Primavera Unifier 17.1
        Oracle Primavera Unifier 16.2
        Oracle Primavera Unifier 16.1
        Oracle Communications Services Gatekeeper 6.0
        Oracle Communications Services Gatekeeper 5.1
        blueimp jQuery-File-Upload 9.22
        blueimp jQuery-File-Upload 9.21
        blueimp jQuery-File-Upload 9.20
        blueimp jQuery-File-Upload 9.19.3
        blueimp jQuery-File-Upload 9.19.2
        blueimp jQuery-File-Upload 9.19.1
        blueimp jQuery-File-Upload 9.19
    Not Vulnerable:
        Oracle Communications Services Gatekeeper 6.1.0.4.0
        blueimp jQuery-File-Upload 9.22.1
    Exploit

    Reports indicate that this issue is being exploited in the wild. Please see the references for more information.
    References:
