PT-2018-18913 · Jquery · Jquery File Upload

Larry W. Cashdollar

+1

·

Published

2018-11-19

·

Updated

2018-12-19

·

CVE-2018-9207

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions jQuery Upload File versions 4.0.2 and earlier
Description The issue allows for arbitrary file upload.
Recommendations For jQuery Upload File versions 4.0.2 and earlier, update to a version later than 4.0.2 to resolve the issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-9207
GHSA-MXR5-P36V-479M

Affected Products

Jquery File Upload