File Upload Functionality
Impact: Informational
Description
The <input> element with type="file" enables users to select and upload files from their device storage to a remote server. However, unrestricted file upload functionality can introduce an arbitrary file upload vulnerability, allowing malicious users to upload and potentially execute any file on the server.
Recommendation
To mitigate this risk:
- Implement restrictions on the file types and sizes that users can upload.
- Ensure that uploaded files are stored securely and are not publicly accessible on the web server.
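A server-side check that applies both recommendations, as an added example that is not part of the original page. The allow-list, the 2 MiB cap and the names `store_upload`, `UploadRejected` and `storage_dir` are assumptions made for illustration.

```python
import os
import secrets

# Assumed policy for this example: PNG, JPEG and PDF only, 2 MiB cap.
MAX_BYTES = 2 * 1024 * 1024
ALLOWED = {  # extension -> leading bytes (file signature) the content must have
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}


class UploadRejected(Exception):
    """Raised when an upload violates the policy."""


def store_upload(client_name: str, data: bytes, storage_dir: str) -> str:
    """Validate an upload, write it under storage_dir, return the stored path.

    storage_dir is assumed to be outside the web server's document root, so
    the file can only be served back through application code.
    """
    # Size restriction (a real handler should also cap the request body
    # before reading it into memory).
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Type restriction: only the final extension counts, and it must be
    # on the allow-list.
    ext = os.path.splitext(client_name)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected("extension not allowed")
    # The content must match the claimed type, not just the name.
    if not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    # Never reuse the client-supplied name: it may contain path separators.
    stored = os.path.join(storage_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite; mode 0o600 sets no execute or world-read bit.
    fd = os.open(stored, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored
```
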
Last updated on May 13, 2024