CVE-2018-9208

CRITICAL

jQuery Picture Cut <= 1.1Beta - Unauthenticated Arbitrary File Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9208. PoCs published by cved-sources.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2018-9208, targeting a vulnerability in the jquery-picture-cut plugin. The exploit likely involves file upload manipulation or improper input validation in the plugin's PHP backend.

Description

Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta

Exploits (1)

nomisec WORKING POC
by cved-sources · poc
https://github.com/cved-sources/cve-2018-9208

This repository contains a proof-of-concept exploit for CVE-2018-9208, targeting a vulnerability in the jquery-picture-cut plugin. The exploit likely involves file upload manipulation or improper input validation in the plugin's PHP backend.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: jquery-picture-cut 1.1
No auth needed
Prerequisites: Access to the vulnerable jquery-picture-cut plugin endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=207

Scores

CVSS v3 9.8
EPSS 0.0267
EPSS Percentile 83.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
tuyoshi/jquery_picture_cut 1.1 beta
Published Nov 05, 2018
Tracked Since Feb 18, 2026