File Upload Functionality

Impact: Informational


An <input> element with type="file" lets user choose one or more files from their device storage. Then, the files can be uploaded to a remote server. An unrestricted file upload functionality can cause an arbitrary file upload vulnerability where malicious users can upload (and execute) any file to the server.


Restrict file type size that users can select. Make sure the uploaded files are not publicly accessible on the web.

Last updated on July 07, 2021

Use SmartScanner Free version to test for this issue