CVE-2018-9206

CRITICAL · EXPLOITED IN THE WILD · NUCLEI

Blueimp jQuery-File-Upload <=9.22.0 - File Upload

Description

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

Exploits (12)

nomisec WORKING POC 62 stars
by Stahlz · remote
https://github.com/Stahlz/JQShell
nomisec WORKING POC 13 stars
by Den1al · remote-auth
https://github.com/Den1al/CVE-2018-9206
nomisec WRITEUP
by cved-sources · poc
https://github.com/cved-sources/cve-2018-9206
nomisec SCANNER
by liemkaka · poc
https://github.com/liemkaka/CVE-2018-9206
gitlab WORKING POC
by cdw1p · poc
https://gitlab.com/cdw1p/cve-2018-9206-bypass-firewall-imperva
nomisec WORKING POC
by mi-hood · remote-auth
https://github.com/mi-hood/CVE-2018-9206
nomisec WORKING POC
by flame-11 · remote
https://github.com/flame-11/CVE-2018-9206-jquery-file-upload
exploitdb WORKING POC VERIFIED
by Larry W. Cashdollar · text · webapps · php
https://www.exploit-db.com/exploits/45584
metasploit WORKING POC EXCELLENT
by Claudio Viviani, Larry W. Cashdollar, wvu · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/jquery_file_upload.rb
exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · php
https://www.exploit-db.com/exploits/45790
exploitdb WORKING POC
by Larry W. Cashdollar · python · webapps · php
https://www.exploit-db.com/exploits/46182

Nuclei Templates (1)

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
CRITICAL · VERIFIED · by thewindghost

Scores

CVSS v3 9.8
EPSS 0.9368
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2015-05-09
InTheWild.io 2018-11-18

Classification

CWE
CWE-434
Status published

Affected Products (2)

jquery_file_upload_project/jquery_file_upload < 9.22.0
npm/blueimp-file-upload < 9.22.1 · npm

Timeline

Published Oct 11, 2018
Tracked Since Feb 18, 2026