ID CVE-2018-9206
Summary Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
References
Vulnerable Configurations
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:8.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jquery_file_upload_project:jquery_file_upload:9.22.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-09-2019 - 19:28)
Impact:
Exploitability:
CWE CWE-434
CAPEC
  • Accessing Functionality Not Properly Constrained by ACLs
    In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality, particularly URLs for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they are otherwise not supposed to.
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
d2sec via4
name jQuery File Upload
url http://www.d2sec.com/exploits/jquery_file_upload.html
refmap via4
bid
  • 105679
  • 106629
confirm https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
exploit-db
  • 45790
  • 46182
misc
Last major update 11-09-2019 - 19:28
Published 11-10-2018 - 15:29