CVE-2014-8739: jQuery File Upload Plugin Unrestricted file upload vulnerability
CVSS Score: 9.8 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.98994%
CWE
Published: 5/17/2022
Updated: 4/25/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
blueimp/jquery-file-upload | composer | = 6.4.4 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the file upload handler in `UploadHandler.php` failing to enforce proper file type validation. Multiple exploit references and the CWE-434 classification confirm this is an unrestricted file upload issue. The critical file path (`server/php/UploadHandler.php`) is explicitly mentioned in vulnerability descriptions, and the attack vector involves direct upload/execution of PHP files via this component. While the exact function name isn't explicitly stated in advisories, 'handleFileUpload' is the standard entry point for file processing in jQuery File Upload's architecture, making it the most likely vulnerable function.
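
The file type validation this analysis finds missing, sketched as an added example (not code from blueimp/jquery-file-upload or from this advisory). The names `store_upload` and `ALLOWED_TYPES`, the image-only allowlist, the availability of PHP's fileinfo extension and a storage directory outside the web root are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: final extension => MIME type the content must have.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one $_FILES entry and store it in $storageDir, which is assumed to
 * lie outside the web root (or be served with script execution disabled).
 * Returns the server-generated file name; throws on any rejected upload.
 */
function store_upload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file((string) ($file['tmp_name'] ?? ''))) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }

    // Allowlist on the final extension; anything not listed is refused.
    $ext = strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('file extension not allowed');
    }

    // Inspect the content itself; $file['type'] is client-supplied and ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Server-generated name: the client-supplied name never reaches the
    // filesystem, so extra extensions or path components in it have no effect.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($storageDir, '/') . '/' . $stored)) {
        throw new RuntimeException('could not store upload');
    }
    return $stored;
}
```

The extension allowlist, the content check and the server-generated name are independent layers; keeping uploads in a directory where the web server does not execute scripts covers the case where one of them is bypassed.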