Vulnerability in Blueimp Jquery-file-upload

CVE-2018-9206

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

EPSS: 0.938 (99.9th percentile) — read the EPSS interpretation.

Affected products

Blueimp Jquery-file-upload — versions unspecified

Public proof-of-concept exploits

References

106629 (vdb-entry, x_refsource_BID)
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
46182 (exploit, x_refsource_EXPLOIT-DB)
wpvulndb.com/vulnerabilities/9136 (x_refsource_MISC)
45790 (exploit, x_refsource_EXPLOIT-DB)
www.vapidlabs.com/advisory.php (x_refsource_MISC)
105679 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2018-9206?: CVE-2018-9206 is a vulnerability in Blueimp Jquery-file-upload. Published 2018-10-11.
Is CVE-2018-9206 known to be exploited?: 42 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.