Description

jQuery File Upload is a file upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for jQuery.

A change in Apache's Web Server security setting handling exposed users of this plugin to an unrestricted file upload flaw.

Remediation

Upgrade to the latest version of jQuery File Upload. This vulnerability was fixed in jQuery File Upload v9.22.1

References

jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability

File Upload Security

Related Vulnerabilities

WordPress Plugin WordPress Popular Posts TimThumb Arbitrary File Upload (2.1.4)

WordPress Plugin Showbiz Pro Responsive Teaser Arbitrary File Upload (1.7.1)

WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (1.3.88)

WordPress Plugin Analytics-Gtag Restricted File Upload (1.8.1)

Severity

High

Classification

CVE-2018-9206 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Tags

Unauthenticated File Upload Arbitrary File Creation