CVE-2018-9206 – Tajer <= 1.0.5 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 Vulnerabilidad de subida de archivos arbitrarios sin autenticar en Blueimp jQuery-File-Upload en versiones iguales o anteriores a la v9.22.0. The Tajer for WordPress is vulnerable to arbitrary file uploads due to inclusion of a vulnerable version of the Blueimp jQuery-File-Upload library in versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability. • https://www.exploit-db.com/exploits/45790 https://www.exploit-db.com/exploits/46182 https://www.exploit-db.com/exploits/45584 https://github.com/Den1al/CVE-2018-9206 https://github.com/mi-hood/CVE-2018-9206 http://www.securityfocus.com/bid/105679 http://www.securityfocus.com/bid/106629 http://www.vapidlabs.com/advisory.php?v=204 https://wpvulndb.com/vulnerabilities/9136 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://github.com/blue • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2014-8739 – Creative Contact Form < 1.0.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. Una vulnerabilidad de carga de archivos sin restricciones en el archivo server/php/UploadHandler.php en el jQuery File Upload Plugin versión 6.4.4 para jQuery, como es usado en el Creative Solutions Creative Contact Form (anteriormente Sexy Contact Form) versiones anteriores a 1.0.0 para WordPress, y versiones anteriores a 2.0.1 para Joomla!, permite a atacantes remotos ejecutar código arbitrario mediante la carga de un archivo PHP con una extensión PHP, y luego acceder a él mediante una petición directa al archivo en files/, como se explotó "in the wild" en octubre de 2014. • https://www.exploit-db.com/exploits/36811 https://www.exploit-db.com/exploits/35057 http://osvdb.org/show/osvdb/113669 http://osvdb.org/show/osvdb/113673 http://www.openwall.com/lists/oss-security/2014/11/11/4 http://www.openwall.com/lists/oss-security/2014/11/11/5 http://www.openwall.com/lists/oss-security/2014/11/13/3 https://wordpress.org/plugins/sexy-contact-form/changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •