Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-4CJ8-G9CP-V5WR
HistoryOct 22, 2018 - 6:53 p.m.

Unrestricted Upload of File with Dangerous Type in blueimp-file-upload

2018-10-2218:53:56
CWE-434
GitHub Advisory Database
github.com
34

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.967 High

EPSS

Percentile

99.7%

JSON

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

Affected configurations

Vulners
Node
github_advisory_databaseblueimp-file-uploadRange9.22.0
CPENameOperatorVersion
blueimp-file-uploadle9.22.0

Related

packetstorm 2
cve 1
canvas 1
openvas 2
exploitpack 2
wpvulndb 2
debiancve 1
osv 2
nessus 3
wpexploit 2
cvelist 1
threatpost 1
ubuntucve 1
patchstack 1
kitploit 2
zdt 1
dsquare 1
checkpoint_advisories 1
veracode 1
prion 1
nvd 1
metasploit 1
exploitdb 3
impervablog 1
oracle 1
packetstorm
packetstorm
Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload
2019-01-17 00:00:00
blueimp jQuery Arbitrary File Upload
2018-11-05 00:00:00
cve
cve
CVE-2018-9206
2018-10-11 15:29:00
canvas
canvas
Immunity Canvas: JQUERY_FILE_UPLOAD
2018-10-11 15:29:00
openvas
openvas
Blueimp jQuery-File-Upload < 9.24.1 File Upload Vulnerability - Active Check
2018-11-02 00:00:00
Tenable Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)
2023-11-30 00:00:00
exploitpack
exploitpack
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
2018-10-11 00:00:00
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-16 00:00:00
wpvulndb
wpvulndb
Tajer - Unauthenticated Arbitrary File Upload
2018-10-15 00:00:00
Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload
2020-04-02 00:00:00
debiancve
debiancve
CVE-2018-9206
2018-10-11 15:29:00
osv
osv
CVE-2018-9206
2018-10-11 15:29:00
Unrestricted Upload of File with Dangerous Type in blueimp-file-upload
2018-10-22 18:53:56
nessus
nessus
jQuery-File-Upload Arbitrary File Upload Vulnerability (Remote Check)
2018-10-22 00:00:00
Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)
2023-11-30 00:00:00
Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)
2019-01-18 00:00:00
wpexploit
wpexploit
Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload
2020-04-02 00:00:00
Tajer - Unauthenticated Arbitrary File Upload
2018-10-15 00:00:00
cvelist
cvelist
CVE-2018-9206
2018-10-11 15:00:00
threatpost
threatpost
Thousands of Applications Vulnerable to RCE via jQuery File Upload
2018-10-23 12:31:06
ubuntucve
ubuntucve
CVE-2018-9206
2018-10-11 00:00:00
patchstack
patchstack
WordPress Art-Picture-Gallery plugin <= 1.2.9 - Unauthenticated Arbitrary File Upload vulnerability
2020-04-02 00:00:00
kitploit
kitploit
JQShell - A Weaponized Version Of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0)
2018-10-29 20:39:00
Darksplitz - Exploit Framework
2019-04-04 21:12:00
zdt
zdt
blueimp jQuery Arbitrary File Upload Exploit
2018-11-05 00:00:00
dsquare
dsquare
jQuery File Upload
2018-10-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Blueimp jQuery File Upload Remote Code Execution (CVE-2018-9206)
2018-11-01 00:00:00
veracode
veracode
Arbitrary File Upload
2018-10-12 02:43:31
prion
prion
Design/Logic Flaw
2018-10-11 15:29:00
nvd
nvd
CVE-2018-9206
2018-10-11 15:29:00
metasploit
metasploit
blueimp's jQuery (Arbitrary) File Upload
2018-10-23 04:35:42
exploitdb
exploitdb
Blueimp&#039;s jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
2019-01-16 00:00:00
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
2018-10-11 00:00:00
blueimp&#039;s jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
2018-11-06 00:00:00
impervablog
impervablog
CrimeOps of the KashmirBlack Botnet – Part II
2020-10-22 18:55:05
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.967 High

EPSS

Percentile

99.7%

JSON
Related for GHSA-4CJ8-G9CP-V5WR
packetstorm2cve1canvas1openvas2exploitpack2wpvulndb2debiancve1osv2nessus3wpexploit2cvelist1threatpost1ubuntucve1patchstack1kitploit2zdt1dsquare1checkpoint_advisories1veracode1prion1nvd1metasploit1exploitdb3impervablog1oracle1