
File Upload Functionality

Impact: Informational

Description

An <input> element with type="file" lets users choose one or more files from their device storage. The files can then be uploaded to a remote server. Unrestricted file upload functionality can lead to an arbitrary file upload vulnerability, where malicious users can upload (and execute) any file on the server.

Recommendation

Restrict the type and size of files that users can select. Make sure the uploaded files are not publicly accessible on the web.
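
The recommendation above as an added example (not SmartScanner's code): a server-side handler that enforces an extension allowlist, a size cap and a content signature check, then stores the file under a server-generated name in a directory outside the web root. `ALLOWED`, `MAX_BYTES`, `store_upload` and the storage directory are assumptions made for illustration.

```python
import os
import secrets
import tempfile

MAX_BYTES = 2 * 1024 * 1024  # assumed size cap (2 MiB)
# Assumed allowlist: extension -> magic bytes the content must start with
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def store_upload(client_name, data, storage_dir):
    """Validate an upload, store it under storage_dir, return the stored name."""
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Server-generated name: the client-supplied name is never used as a path
    stored_name = secrets.token_hex(16) + ext
    path = os.path.join(storage_dir, stored_name)
    # O_EXCL refuses to overwrite; mode 0o600 leaves the file non-executable
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name


def demo():
    """Run constructed sample uploads; map each client name to its outcome."""
    png = ALLOWED[".png"] + b"\x00" * 32  # constructed, not a real image
    text = b"plain text, not a PNG"  # constructed
    samples = [("photo.png", png), ("page.php", text), ("fake.png", text),
               ("big.pdf", b"%PDF-" + b"0" * MAX_BYTES)]
    results = {}
    # Stand-in for a storage directory outside the web root (assumption)
    with tempfile.TemporaryDirectory() as storage_dir:
        for name, data in samples:
            try:
                store_upload(name, data, storage_dir)
                results[name] = "stored"
            except UploadRejected as exc:
                results[name] = str(exc)
    return results
```

Files stored this way are served back only through an application route that looks up the stored name and applies access checks, never by a direct URL into the storage directory.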

Last updated on July 07, 2021
