Jquery File Upload Arbitrary File Upload

Strike ID:
E18-0q3a1
CVSS:
9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
6
Year:
2018

Description

This strike exploits an arbitrary file upload vulnerability in BlueImp Jquery File Upload widget. The vulnerability is due to the complete lack of server-side authorization or sanitization when handling a file upload. An attacker is thus able to create arbitrary files on the server which in most cases leads to remote arbitrary code execution.

CVE

Bid