/claim #14587
PR Information

This pull request introduces a new, superior Nuclei template for detecting CVE-2018-9206, an unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload.

After reviewing existing submissions, this template was designed to be more robust and reliable by implementing a three-stage detection logic:

- Broader Path Coverage: It tests a list of 10+ common installation paths for jQuery-File-Upload.
- Verified URL Extraction: It intelligently parses the server’s JSON response to extract the exact URL of the uploaded file.
- Content Verification: It makes a second request to the extracted URL to verify its content, making the detection 100% reliable and eliminating false positives.

Added CVE-2018-9206

References:

- http://www.vapidlabs.com/advisory.php?v=204
- https://nvd.nist.gov/vuln/detail/CVE-2018-9206

Template validation

- Validated with a host running a vulnerable version and/or configuration (True Positive)
- Validated with a host running a patched version and/or configuration (avoid False Positive)

(Self-validated against a local Docker environment running a vulnerable version of the application.)
Dusko Licanin
@DanLika
Mohammed Anas Nathani
@MohammedAnasNathani
ProjectDiscovery
@projectdiscovery
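The second and third stages described in the PR description above (reading the uploaded file's URL out of the JSON response, then confirming its content), sketched in Python as an added example; it is not the template from this pull request. The response shape (`files[]` entries with `name`, `url` and `error`), the host name, the path and the marker are constructed assumptions.

```python
import json
from urllib.parse import urljoin, urlsplit

# Constructed sample data (not captured from a real host).
BASE = "http://scan.example/app/"
NAME = "gr-7f3a.txt"            # random per-scan name, so the server has no reason to rename it
MARKER = "c1b0e9d4-probe"       # kept out of the file name so a page echoing the path cannot match
VULN = '{"files":[{"name":"gr-7f3a.txt","size":14,"url":"http://scan.example/uploads/files/gr-7f3a.txt"}]}'
PATCHED = '{"files":[{"name":"gr-7f3a.txt","size":14,"error":"Filetype not allowed"}]}'
OFFSITE = '{"files":[{"name":"gr-7f3a.txt","url":"http://other.example/gr-7f3a.txt"}]}'


def extract_upload_url(target_base, response_body, expected_name):
    """Stage 2: return the URL the server reports for our upload, or None."""
    try:
        doc = json.loads(response_body)
    except (ValueError, TypeError):
        return None                      # HTML error page, WAF block page, empty body
    files = doc.get("files") if isinstance(doc, dict) else None
    if not isinstance(files, list):
        return None
    for entry in files:
        if not isinstance(entry, dict) or entry.get("error"):
            continue                     # a rejected upload carries an error, not a stored file
        if entry.get("name") != expected_name or not isinstance(entry.get("url"), str):
            continue
        url = urljoin(target_base, entry["url"])   # accepts relative and absolute values
        a, b = urlsplit(target_base), urlsplit(url)
        # The URL is server-controlled: only follow it on the origin being scanned.
        if (a.scheme, a.netloc.lower()) == (b.scheme, b.netloc.lower()):
            return url
    return None


def content_confirms(status, body, marker):
    """Stage 3: report a finding only if the stored file returns our marker."""
    return status == 200 and marker in body


if __name__ == "__main__":
    for label, body in (("vulnerable", VULN), ("patched", PATCHED), ("offsite", OFFSITE)):
        print(label, extract_upload_url(BASE, body, NAME))
```

Requiring both a same-origin URL from stage 2 and the marker from stage 3 is what keeps a generic JSON 200 response or a soft-404 page from being reported as a finding.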