CVE-2018-9206

Date: October 11, 2018

Overview

jQuery is a free and open source JavaScript library that is widely used to simplify client-side scripting tasks such as HTML DOM tree manipulation, event handling, and more. Blueimp jQuery-File-Upload is a popular jQuery-based plugin that offers many features for uploading files easily on multiple server-side platforms. Affected versions of this tool could allow a remote attacker to execute arbitrary code on the target system.

Details

CVE-2018-9206 is caused by an unauthenticated arbitrary file upload flaw in the Blueimp jQuery-File-Upload plugin. Because the plugin does not disallow any file types by default, a remote unauthenticated threat actor could upload arbitrary files to the system. If exploited, this arbitrary file upload vulnerability lets an attacker upload a malicious file and execute it on the target server. For example, these files could consist of malware, executables, or shell scripts. With these malicious payloads, the attacker could then remotely access the server and assume full control of the victim’s host. From there, they can carry out further attacks, such as exfiltration of sensitive data or lateral movement to other hosts within the network. Ultimately, exploiting this vulnerability lets attackers take full control of a susceptible host and bring it to its knees.

Affected Environments

Blueimp jQuery-File-Upload plugin versions 9.22.0 and earlier

Remediation

Configure your web server to avoid executing files in the upload directory. For example, you can modify your Apache configuration to achieve this.
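
One way to express this in Apache, as an added example that is not part of the original advisory or the plugin's own files. The directory path is an assumed placeholder for your deployment's upload directory, and the block belongs in the main server or virtual-host configuration rather than in a `.htaccess` file.

```apache
# Added example. "/var/www/example/uploads" is an assumed placeholder path;
# replace it with the directory where the plugin stores uploaded files.
<Directory "/var/www/example/uploads">
    # Ignore .htaccess files in this tree, so an uploaded .htaccess
    # cannot re-enable script handling.
    AllowOverride None

    # No CGI execution, no server-side includes, no directory listings.
    Options -ExecCGI -Includes -Indexes

    # Serve everything in this directory as static content.
    SetHandler default-handler

    # Only relevant where PHP runs as an Apache module (mod_php):
    # switch the PHP engine off for this directory.
    <IfModule mod_php7.c>
        php_admin_flag engine off
    </IfModule>
    <IfModule mod_php.c>
        php_admin_flag engine off
    </IfModule>

    # Refuse to serve script-like extensions outright, whichever handler
    # the server maps them to. The trailing (\.|$) also matches names
    # with a second extension appended, such as "name.php.jpg".
    <FilesMatch "(?i)\.(php\d?|phtml|phar|pl|py|cgi|sh)(\.|$)">
        Require all denied
    </FilesMatch>

    # Tell browsers not to guess content types and to download files
    # instead of rendering them. Drop the Content-Disposition line if
    # uploaded images must display inline.
    <IfModule mod_headers.c>
        Header set X-Content-Type-Options "nosniff"
        Header set Content-Disposition "attachment"
    </IfModule>
</Directory>
```

After reloading Apache, request a harmless test file with a script extension from the upload directory and confirm the server returns 403 rather than executing it.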

Prevention

Update to the latest version of the plugin.

Language: JS

Good to know:

Unrestricted Upload of File with Dangerous Type

CWE-434
Upgrade Version

Upgrade to version 9.22.1

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial