Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-43 advisory.

  - Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of     the third-party components (HandlebarsJS, OpenSSL, and jquery-file-upload)were found to contain     vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line     with best practice, Tenable has opted to upgrade these components to address the potential impact of the     issues. Nessus Network Monitor 6.3.1 updates HandlebarsJS to version 4.7.8, OpenSSL to version 3.0.12, and     jquery-file-upload to version 10.8.0. Tenable has released Nessus Network Monitor 6.3.1 to address these     issues. The installation files can be obtained from the Tenable Downloads Portal     (https://www.tenable.com/downloads/nessus-network-monitor). (CVE-2018-9206, CVE-2021-23369,     CVE-2021-23383, CVE-2023-5363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.6 or 17.x prior to 17.12.9.2 or 18.x prior to 18.8.4.1. It is, therefore, affected by multiple vulnerabilities:

  - An arbitrary file upload vulnerability exists in Blueimp     jQuery-File-Upload. An unauthenticated, remote attacker     can exploit this to upload arbitrary files on the remote     host subject to the privileges of the user.

  - A remote command execution vulnerability exists in     jackson-databind due to a failure to block various     classes from polymorphic deserialization. An     unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2018-14718, CVE-2018-14719     CVE-2018-14720, CVE-2018-14721)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, jQuery File Upload is prior to 9.22.1. Therefore, it may be affected by an arbitrary file upload vulnerability. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web application user.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of jQuery-File-Upload running on the remote host is affected by an arbitrary file upload vulnerability. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web application user.

The version of jQuery File Upload running on the remote host is affected by an arbitrary file upload vulnerability. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web application user.

Note: This has been detected using an active check and should be remediated immediately.

ID	Name	Product	Family	Severity
186472	Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)	Nessus	Misc.	critical
121251	Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2019 CPU)	Nessus	CGI abuses	critical
112456	jQuery File Upload < 9.22.1 Arbitrary File Upload	Web App Scanning	Component Vulnerability	critical
118310	jQuery-File-Upload Arbitrary File Upload Vulnerability (Remote Check)	Nessus	CGI abuses	critical
98233	jQuery File Upload Arbitrary File Upload	Web App Scanning	Component Vulnerability	critical

Detections

Analytics

CVE-2018-9206

critical

Tenable Plugins

critical

critical

critical

critical

critical