ZDNet

Zero-day in popular jQuery plugin actively exploited for at least three years

For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability ...
Threat Post

Thousands of Applications Vulnerable to RCE via jQuery File Upload

The flaw has existed for eight years thanks to a security change in Apache. A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 ...
Bleeping Computer

jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

Exploit described in YouTube videos jQuery File Upload has been vulnerable for eight years, since the Apache 2.3.9 release in 2010. The coding faux pas did not go unnoticed all this time, and the ...
Computer Weekly

File upload security best practices: Block a malicious file upload

We need to allow our customers to upload files for one of our Web applications. What are the security implications of allowing users to upload files on our website? The ability to upload files on a ...