CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-434  

From Aldeid

CWE-434: Unrestricted Upload of File with Dangerous Type

Description

Many web applications allow file uploads (images, avatars, documents, ...). Without a proper filtering mechanism, the application is likely to accept files other than pictures and documents. For example, an attacker could exploit this to upload a PHP script disguised with a .gif extension.
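The following is an added example (not code from the Aldeid page) of the filtering the description calls for, written in Python. It assumes a hypothetical helper `check_upload(filename, data)` that sits in front of the storage step and rejects an upload unless the declared extension is on an allowlist, the first bytes match that type, and no PHP open tag appears in the body; the accepted file is stored under a server-generated name so the user-supplied name never reaches the filesystem. The allowlist, magic-byte table and sample uploads are constructed for this example.

```python
import os
import re
import secrets

# Allowed extensions and the leading bytes each type must start with (constructed allowlist).
MAGIC_BY_EXT = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}

# Byte sequences that have no business inside an image or PDF: PHP open tags.
SCRIPT_MARKERS = (b"<?php", b"<?=")

# Only plain characters in the user-supplied name; no NUL bytes, spaces or shell metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")


def check_upload(filename, data):
    """Validate an upload. Returns (accepted, reason, stored_name).

    stored_name is a random, server-chosen name ending in the validated extension,
    so directory traversal or a disguised script name in `filename` has no effect.
    """
    # Strip any path component the client sent ("../../x.gif" -> "x.gif").
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or not SAFE_NAME.match(name):
        return False, "unsafe filename", None

    parts = name.lower().split(".")
    if len(parts) < 2:
        return False, "missing extension", None
    # Reject "shell.php.gif": some servers pick the handler from an inner extension.
    if len(parts) > 2:
        return False, "multiple extensions", None

    ext = parts[-1]
    if ext not in MAGIC_BY_EXT:
        return False, "extension '%s' not allowed" % ext, None
    # A PHP script renamed to .gif does not carry a GIF header.
    if not data.startswith(MAGIC_BY_EXT[ext]):
        return False, "content does not match declared type", None
    # A valid GIF header followed by PHP code still contains the open tag.
    if any(marker in data for marker in SCRIPT_MARKERS):
        return False, "embedded script tag", None

    stored = secrets.token_hex(16) + "." + ext
    return True, "ok", stored


def demo():
    """Run the check over constructed sample uploads; returns {label: (accepted, reason)}."""
    real_gif = b"GIF89a" + b"\x00" * 16                      # constructed: minimal GIF-like header
    samples = {
        "honest image": ("avatar.gif", real_gif),
        "php renamed to gif": ("avatar.gif", b"<?php echo 1; ?>"),
        "php after gif header": ("avatar.gif", b"GIF89a<?php echo 1; ?>"),
        "plain php": ("shell.php", b"<?php echo 1; ?>"),
        "double extension": ("shell.php.gif", real_gif),
        "path traversal": ("../../uploads/x.gif", real_gif),
    }
    return {label: check_upload(n, d)[:2] for label, (n, d) in samples.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print("%-22s %s" % (label, result))
```

Note the trade-off in the multiple-extension rule: it also refuses a harmless `my.photo.gif`, which is the price of not depending on how the web server maps extensions to handlers. The content check is deliberately a pre-filter, not proof that the file is a well-formed image; a complete defence additionally stores uploads outside the document root (or in a directory where script execution is disabled) and re-encodes images before serving them.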

Risk measurement

Weakness Prevalence: Common
Remediation Cost: Medium
Attack Frequency: Sometimes
Consequences: Code execution
Ease of Detection: Moderate
Attacker Awareness: Medium
