CVE-2018-9206
Arbitrary File Upload vulnerability in blueimp-file-upload (npm)
What is CVE-2018-9206 About?
This vulnerability in Blueimp jQuery-File-Upload allows for unauthenticated arbitrary file upload. Attackers can upload malicious files to the server, potentially leading to remote code execution. Exploitation is straightforward, requiring only network access.
Affected Software
Technical Details
The Blueimp jQuery-File-Upload library, specifically in versions less than or equal to 9.22.0, is affected by an unauthenticated arbitrary file upload vulnerability. This flaw typically occurs due to insufficient file type validation or improper handling of file upload mechanisms. An attacker can send a crafted HTTP request to the upload endpoint, bypassing any client-side or weak server-side checks, and successfully upload files with dangerous extensions (e.g., .php, .jsp, .asp, .exe). If the uploaded file is placed in a web-accessible directory and the web server is configured to execute files of that type, the attacker can then execute arbitrary code on the server simply by navigating to the URL of the uploaded file.
What is the Impact of CVE-2018-9206?
Successful exploitation may allow attackers to execute arbitrary code on the server, gain full control of the compromised system, or significantly disrupt service availability.
What is the Exploitability of CVE-2018-9206?
Exploitation is generally low complexity, requiring an attacker to send a specially crafted HTTP request to the vulnerable upload endpoint. No authentication is required, making it an unauthenticated remote vulnerability. No special privileges are needed. The attacker only needs network access to the server operating the vulnerable jQuery-File-Upload instance. The main risk factors are the accessibility of the upload component and the server's configuration allowing execution of uploaded file types, especially in a web-accessible directory. Due to its simplicity, this vulnerability presents a high risk of exploitation.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| Stahlz | Link | A weaponized version of CVE-2018-9206 |
| Den1al | Link | A Python PoC for CVE-2018-9206 |
| mi-hood | Link | jquery file upload poc |
What are the Available Fixes for CVE-2018-9206?
Available Upgrade Options
- blueimp-file-upload
- <9.22.1 → Upgrade to 9.22.1
Additional Resources
- https://www.exploit-db.com/exploits/45790/
- http://www.securityfocus.com/bid/105679
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://osv.dev/vulnerability/GHSA-4cj8-g9cp-v5wr
- https://wpvulndb.com/vulnerabilities/9136
- https://github.com/advisories/GHSA-4cj8-g9cp-v5wr
- http://www.securityfocus.com/bid/106629
- https://www.exploit-db.com/exploits/46182/
- http://www.vapidlabs.com/advisory.php?v=204
What are Similar Vulnerabilities to CVE-2018-9206?
Similar Vulnerabilities: CVE-2022-26134, CVE-2021-44073, CVE-2020-17530, CVE-2019-17382, CVE-2018-12613
