CVE-2014-8739: Unrestricted Upload of File with Dangerous Type

February 8, 2020 (updated February 12, 2020)

An unrestricted file upload vulnerability in the jQuery File Upload Plugin server/php/UploadHandler.php allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension. This file is then accessible via a direct request to the file in files/.

References

nvd.nist.gov/vuln/detail/CVE-2014-8739
www.exploit-db.com/exploits/35057/
www.exploit-db.com/exploits/36811/

Detect and mitigate CVE-2014-8739 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →