Threat Post

Thousands of Applications Vulnerable to RCE via jQuery File Upload

The flaw has existed for eight years thanks to a security change in Apache. A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 ...
GitHub

An article about jQuery file upload to RCE

jQuery-File-Upload is a plugin for the jQuery library that allows you to upload files to the server and receive the results. This plugin has various features, including uploading multiple files at the ...
GitHub

jQuery Ajax File Upload

Load the script files first. In html page create a target element. upload_path: "/" // to which the file is uploaded POST request browse_text: "browse" // text on the browse link multiple: true // ...
ZDNet

Zero-day in popular jQuery plugin actively exploited for at least three years

For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability ...
Bleeping Computer

jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

jQuery File Upload has been vulnerable for eight years, since the Apache 2.3.9 release in 2010. The coding faux pas did not go unnoticed all this time, and the method for exploiting it has been shared ...