jQuery File Upload unauthenticated arbitrary file upload - Vulnerability Database

jQuery File Upload unauthenticated arbitrary file upload

Description

jQuery File Upload is a popular file upload widget that provides features such as multiple file selection, drag-and-drop support, and progress bars. Versions prior to 9.22.1 contain an unauthenticated arbitrary file upload vulnerability that allows attackers to upload files with any extension, including executable server-side scripts. This vulnerability was exposed when changes to Apache Web Server's default security configuration removed protections that previously prevented execution of uploaded PHP files in the upload directory.

Remediation

Immediately upgrade jQuery File Upload to version 9.22.1 or later, which addresses this vulnerability by implementing proper file type validation and upload restrictions.

If immediate upgrade is not possible, implement the following temporary mitigations:
1. Add a .htaccess file to the upload directory to prevent execution of PHP files:

# Requires AllowOverride to permit Options and FileInfo directives in .htaccess.
# php_flag only exists under mod_php; with PHP-FPM it is an unknown directive (HTTP 500),
# so rely on the handler mapping below in that case.
php_flag engine off
# Map script extensions to the CGI handler, then withhold ExecCGI so Apache refuses
# to execute them (requests for these files are answered with 403 instead of run).
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

2. Store uploaded files outside the web root directory and serve them through a controlled download script that sets the response headers itself
3. Implement server-side file type validation based on content inspection, not just file extensions
4. Restrict upload functionality to authenticated users only
5. Review server logs for any suspicious file uploads that may have already occurred
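Mitigations 2 and 3 above, worked through as an added example (this is not code from jQuery File Upload or from Invicti): the handler validates the file signature against an allowlist, derives the stored extension from the detected type rather than the client's filename, writes under a random name outside the web root, and the download side only ever maps an opaque token back to a file. The storage path, the allowlist contents and the size limit are assumptions chosen for the example; the sample byte strings are constructed, not real files.

```python
import os
import re
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# Allowlist keyed by file signature (magic bytes). The stored extension is taken
# from the detected type, never from the client-supplied filename. (Assumed set.)
MAGIC_ALLOWLIST = {
    b"\x89PNG\r\n\x1a\n": ("image/png", "png"),
    b"\xff\xd8\xff": ("image/jpeg", "jpg"),
    b"GIF87a": ("image/gif", "gif"),
    b"GIF89a": ("image/gif", "gif"),
    b"%PDF-": ("application/pdf", "pdf"),
}
ALLOWED_EXTENSIONS = {ext for _, ext in MAGIC_ALLOWLIST.values()} | {"jpeg"}
MAX_BYTES = 5 * 1024 * 1024          # assumed size limit
TOKEN_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample inputs: a minimal PNG header, a GIF/PHP polyglot (valid
# signature, script body) and a bare PHP script. None of these are real files.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_POLYGLOT = b"GIF89a<?php echo 'x'; ?>"
SAMPLE_PHP = b"<?php echo 'x'; ?>"


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


@dataclass(frozen=True)
class StoredFile:
    token: str          # opaque handle returned to the client
    content_type: str   # type detected from content, not from the request
    path: str           # on-disk location outside the web root; never sent to the client


def detect_type(data: bytes) -> Optional[Tuple[str, str]]:
    """Match the leading bytes against the allowlist; None if no signature matches."""
    for magic, info in MAGIC_ALLOWLIST.items():
        if data.startswith(magic):
            return info
    return None


def validate_upload(data: bytes, client_filename: str) -> Tuple[str, str]:
    """Return (content_type, extension) for an acceptable upload, else raise UploadRejected."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    detected = detect_type(data)
    if detected is None:
        raise UploadRejected("content does not match an allowed file signature")
    # Defence in depth: every dotted segment of the client name must be an allowed
    # extension, so 'shell.php' and 'a.php.png' are rejected even with a valid header.
    # (Side effect: 'my.photo.png' is also rejected; acceptable for this example.)
    base = os.path.basename(client_filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or any(p not in ALLOWED_EXTENSIONS for p in parts[1:]):
        raise UploadRejected("client filename extension not allowed")
    return detected


def is_accepted(data: bytes, client_filename: str) -> bool:
    try:
        validate_upload(data, client_filename)
        return True
    except UploadRejected:
        return False


def store_upload(data: bytes, client_filename: str, storage_dir: str) -> StoredFile:
    """Validate, then write under a random name with a server-chosen extension.

    A signature check alone does not catch a polyglot such as SAMPLE_POLYGLOT; the
    random name, server-chosen extension and out-of-web-root directory are what
    keep such a file from ever being executed by the web server.
    """
    content_type, ext = validate_upload(data, client_filename)
    token = secrets.token_hex(16)
    path = os.path.join(storage_dir, f"{token}.{ext}")
    os.makedirs(storage_dir, mode=0o700, exist_ok=True)
    # O_EXCL guarantees no overwrite; 0o600 keeps the file private to the app user.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return StoredFile(token, content_type, path)


def download_headers(stored: StoredFile) -> dict:
    """Headers the controlled download script sends: force download, forbid sniffing."""
    return {
        "Content-Type": stored.content_type,
        "Content-Disposition": f'attachment; filename="{stored.token}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'",
    }


def resolve_download(token: str, storage_dir: str) -> Optional[str]:
    """Map a client token back to a path; anything but a bare hex token is refused."""
    if not TOKEN_RE.match(token):
        return None
    for name in os.listdir(storage_dir):
        stem, _, ext = name.partition(".")
        if stem == token and ext in ALLOWED_EXTENSIONS:
            return os.path.join(storage_dir, name)
    return None
```

The download script never builds a path from client input: `resolve_download` only accepts a 32-character hex token and looks it up in the storage directory, so traversal strings are rejected before any filesystem call.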

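For mitigation 5, the log review, here is an added example (not Invicti's or the project's code) that scans Apache combined-format access log lines for requests to script-extension files under the upload directory and correlates them with earlier POSTs to the upload handler from the same client. The handler and upload-directory paths are assumptions based on the widget's default layout; adjust them to the deployment. The log lines are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Apache combined log format; only the fields needed for the review are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Extensions that a misconfigured server might execute (mirrors the .htaccess list).
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "pl", "py",
              "jsp", "asp", "shtml", "sh", "cgi"}
UPLOAD_HANDLER = "/server/php/"        # assumption: path of the upload endpoint
UPLOAD_DIR = "/server/php/files/"      # assumption: directory uploads are written to

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """
203.0.113.5 - - [10/Oct/2018:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2018:12:00:07 +0000] "POST /server/php/ HTTP/1.1" 200 187
203.0.113.5 - - [10/Oct/2018:12:00:09 +0000] "GET /server/php/files/image.php?x=1 HTTP/1.1" 200 63
198.51.100.2 - - [10/Oct/2018:12:01:00 +0000] "POST /server/php/ HTTP/1.1" 200 201
198.51.100.2 - - [10/Oct/2018:12:01:02 +0000] "GET /server/php/files/holiday.jpg HTTP/1.1" 200 48213
192.0.2.9 - - [10/Oct/2018:12:02:30 +0000] "GET /server/php/files/shell.phtml HTTP/1.1" 403 199
""".strip().splitlines()


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def script_extension(path: str) -> Optional[str]:
    """First script extension found in the file name, looking at every dotted segment
    so 'a.php.jpg' is caught as well as 'a.php'. Query strings are ignored."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    for ext in name.lower().split(".")[1:]:
        if ext in SCRIPT_EXT:
            return ext
    return None


def review_log(lines: List[str]) -> List[Dict]:
    """Return one finding per request for a script file inside the upload directory.

    'executed' is True when the server answered 200 (the file was served or run);
    'prior_upload' is True when the same client POSTed to the upload handler earlier
    in the log, which is the sequence a successful abuse of this bug would leave.
    """
    findings: List[Dict] = []
    uploaders = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if path.startswith(UPLOAD_DIR):
            ext = script_extension(path)
            if ext:
                findings.append({
                    "ip": rec["ip"],
                    "ts": rec["ts"],
                    "path": path,
                    "ext": ext,
                    "executed": rec["status"] == 200,
                    "prior_upload": rec["ip"] in uploaders,
                })
        elif rec["method"] == "POST" and path.startswith(UPLOAD_HANDLER):
            uploaders.add(rec["ip"])
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        flag = "UPLOAD+EXEC" if f["prior_upload"] and f["executed"] else "review"
        print(f"{flag:12} {f['ip']:15} {f['ts']} {f['path']} status_ok={f['executed']}")
```

On the constructed sample the review produces two findings: the 203.0.113.5 request, which follows an upload from the same client and was answered with 200, and the 192.0.2.9 request, which the server refused. A 403 on a script file in the upload directory is still worth a look, since it shows the file exists on disk.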