jQuery-File-Upload is prone to an arbitrary file-upload vulnerability
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
jQuery-File-Upload version 9.22.0 and prior are vulnerable.
Information
Bugtraq ID: 105679Class: Input Validation Error
CVE: CVE-2018-9206
Remote: Yes
Local: No
Published: Oct 09 2018 12:00AM
Updated: Jan 29 2019 10:00AM
Credit: Larry Cashdollar
Vulnerable: Oracle Siebel Applications 18.11
Oracle Siebel Applications 18.10
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier 17.12
Oracle Primavera Unifier 17.1
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 16.1
Oracle Communications Services Gatekeeper 6.0
Oracle Communications Services Gatekeeper 5.1
blueimp jQuery-File-Upload 9.22
blueimp jQuery-File-Upload 9.21
blueimp jQuery-File-Upload 9.20
blueimp jQuery-File-Upload 9.19.3
blueimp jQuery-File-Upload 9.19.2
blueimp jQuery-File-Upload 9.19.1
blueimp jQuery-File-Upload 9.19
Not Vulnerable: Oracle Communications Services Gatekeeper 6.1.0.4.0
blueimp jQuery-File-Upload 9.22.1
Exploit
Reports indicate that this issue is being exploited in the wild. Please see the references for more information.
References:
- SECURITY FIX: Only allow image file types by default. (blueimp)
- blueimp/jQuery-File-Upload (blueimp)
- Exploits/CVE-2018-9206/ (lcashdol)
- jQuery-File-Upload Homepage (blueimp)
- Title: jQuery-File-Upload (vapidlabs.com)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)
Leave a Comment