Clarify vuln (re)discovery vs. disclosure

https://www.bleepingcomputer.com/news/security/jquery-file-upload-plugin-vulnerable-for-8-years-and-only-hackers-knew/

documentation/modules/exploit/unix/webapp/jquery_file_upload.md

@@ -6,6 +6,9 @@ handler for blueimp's jQuery File Upload widget in versions <= 9.22.0.
 Due to a default configuration in Apache 2.3.9+, the widget's `.htaccess`
 file may be disabled, enabling exploitation of this vulnerability.
 
+This vulnerability has been exploited in the wild since at least 2015
+and was publicly disclosed to the vendor in 2018.
+
 ## Setup
 
 <https://github.com/blueimp/jQuery-File-Upload/wiki/Setup#using-jquery-file-upload-ui-version-on-php-websites>

modules/exploits/unix/webapp/jquery_file_upload.rb

@@ -19,9 +19,12 @@ class MetasploitModule < Msf::Exploit::Remote
 
         Due to a default configuration in Apache 2.3.9+, the widget's .htaccess
         file may be disabled, enabling exploitation of this vulnerability.
+
+        This vulnerability has been exploited in the wild since at least 2015
+        and was publicly disclosed to the vendor in 2018.
       },
       'Author'         => [
-        'Larry W. Cashdollar', # Discovery and PoC
+        'Larry W. Cashdollar', # Advisory and PoC
         'wvu'                  # Metasploit module
       ],
       'References'     => [
@@ -30,7 +33,7 @@ class MetasploitModule < Msf::Exploit::Remote
         ['URL', 'https://github.com/blueimp/jQuery-File-Upload/pull/3514'],
         ['URL', 'https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9206']
       ],
-      'DisclosureDate' => 'Oct 9 2018',
+      'DisclosureDate' => 'Oct 9 2018', # Public disclosure
       'License'        => MSF_LICENSE,
       'Platform'       => ['php', 'linux'],
       'Arch'           => [ARCH_PHP, ARCH_X86, ARCH_X64],