PT-2018-18915 · Widen · File Uploader

Larry W. Cashdollar

Published

2018-11-19

Updated

2022-05-14

CVE-2018-9209

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FineUploader php-traditional-server versions prior to v1.3

Description The issue is related to an unauthenticated arbitrary file upload. This allows unauthorized users to upload files without proper validation.

Recommendations For versions prior to v1.3, update to a version that includes the fix for this issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-9209

GHSA-J78W-6R73-22VH

Affected Products

File Uploader

PT-2018-18915 · Widen · File Uploader

CVE-2018-9209

Weakness Enumeration

Related Identifiers

Affected Products

References · 5