Search criteria
2 vulnerabilities by jquery_file_upload_project
CVE-2014-8739 (GCVE-0-2014-8739)
Vulnerability from cvelistv5 – Published: 2020-02-08 17:21 – Updated: 2024-08-06 13:26
VLAI?
Summary
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:26:02.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/35057/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/36811/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/sexy-contact-form/changelog/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/113669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/113673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T17:21:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/35057/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/36811/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/sexy-contact-form/changelog/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osvdb.org/show/osvdb/113669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://osvdb.org/show/osvdb/113673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/35057/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/35057/"
},
{
"name": "https://www.exploit-db.com/exploits/36811/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/36811/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/11/11/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/4"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/11/11/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/11/11/5"
},
{
"name": "http://www.openwall.com/lists/oss-security/2014/11/13/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/11/13/3"
},
{
"name": "https://wordpress.org/plugins/sexy-contact-form/changelog/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/sexy-contact-form/changelog/"
},
{
"name": "http://osvdb.org/show/osvdb/113669",
"refsource": "MISC",
"url": "http://osvdb.org/show/osvdb/113669"
},
{
"name": "http://osvdb.org/show/osvdb/113673",
"refsource": "MISC",
"url": "http://osvdb.org/show/osvdb/113673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8739",
"datePublished": "2020-02-08T17:21:54",
"dateReserved": "2014-11-13T00:00:00",
"dateUpdated": "2024-08-06T13:26:02.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9206 (GCVE-0-2018-9206)
Vulnerability from cvelistv5 – Published: 2018-10-11 15:00 – Updated: 2025-11-04 14:26
VLAI?
Summary
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Severity ?
No CVSS data available.
CWE
- jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Blueimp | Blueimp jQuery-File-Upload |
Affected:
unspecified , ≤ 9.22.0
(custom)
|
Credits
Larry W. Cashdollar
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "46182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46182/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpvulndb.com/vulnerabilities/9136"
},
{
"name": "45790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45790/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=204"
},
{
"name": "105679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Blueimp jQuery-File-Upload",
"vendor": "Blueimp",
"versions": [
{
"lessThanOrEqual": "9.22.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Larry W. Cashdollar"
}
],
"dateAssigned": "2018-10-09T04:00:00.000Z",
"datePublic": "2018-10-09T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload \u0026lt;= v9.22.0\u003c/p\u003e"
}
],
"value": "Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload \u003c= v9.22.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "jQuery-File-Upload \u003c= v9.22.0 unauthenticated arbitrary file upload vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T14:26:56.318Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"name": "106629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "46182",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46182/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpvulndb.com/vulnerabilities/9136"
},
{
"name": "45790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45790/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=204"
},
{
"name": "105679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105679"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2018-10-09",
"ID": "CVE-2018-9206",
"REQUESTER": "larry0@me.com",
"STATE": "PUBLIC",
"UPDATED": "2018-04-08T13:21Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blueimp jQuery-File-Upload",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "9.22.0"
}
]
}
}
]
},
"vendor_name": "Blueimp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload \u003c= v9.22.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "jQuery-File-Upload \u003c= v9.22.0 unauthenticated arbitrary file upload vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106629"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "46182",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46182/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9136",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9136"
},
{
"name": "45790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45790/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=204",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=204"
},
{
"name": "105679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105679"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2018-9206",
"datePublished": "2018-10-11T15:00:00",
"dateReserved": "2018-04-02T00:00:00",
"dateUpdated": "2025-11-04T14:26:56.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}