Arbitrary Code Execution
Affecting blueimp-file-upload package, versions <9.22.1
blueimp-file-upload is a File Upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for jQuery.
Affected versions of this package are vulnerable to Arbitrary Code Execution due to allowing the upload of arbitrary files. It did not require any validation to upload files to the server.
blueimp-file-upload to version 9.22.1 or higher.