CVE-2018-9207

CRITICAL

Hayageek Jquery Upload File < 4.0.2 - Unrestricted File Upload

Title source: rule

Arbitrary file upload in jQuery Upload File <= 4.0.2

nomisec WORKING POC

by cved-sources · poc

CVSS v3 9.8

EPSS 0.2855

EPSS Percentile 96.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-434

Status published

Products (2)

hayageek/jquery_upload_file < 4.0.2

npm/jquery-file-upload 0 - 4.0.5npm

Published Nov 19, 2018

Tracked Since Feb 18, 2026