CWE-434: Unrestricted Upload of File with Dangerous Type
Many web applications allow file uploads (images, avatars, documents, ...). Without a proper filtering mechanism, the application is likely to accept files other than pictures and documents. For example, an attacker could exploit this to upload a PHP script disguised with a gif extension.
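One way to implement such a filter, as an added example that is not code from the original page: the upload must carry a single allowlisted extension, its leading bytes must match that type, and the server chooses the stored name. The function names, the allowlist and the sample byte strings are assumptions made for illustration. A signature check alone still accepts a file that merely begins with a valid GIF header, which is why the client-supplied name is never reused.

```python
import os
import secrets

# Allowlisted types: canonical extension -> (accepted extensions, leading signatures)
ALLOWED = {
    "gif": ({"gif"}, (b"GIF87a", b"GIF89a")),
    "png": ({"png"}, (b"\x89PNG\r\n\x1a\n",)),
    "jpg": ({"jpg", "jpeg"}, (b"\xff\xd8\xff",)),
    "pdf": ({"pdf"}, (b"%PDF-",)),
}


class UploadRejected(Exception):
    """Raised when an upload fails the allowlist checks."""


def sniff_type(data: bytes):
    """Return the canonical type whose signature starts the content, or None."""
    for kind, (_, signatures) in ALLOWED.items():
        if data.startswith(signatures):
            return kind
    return None


def validate_upload(client_name: str, data: bytes) -> str:
    """Check an upload and return the server-chosen name to store it under."""
    base = os.path.basename(client_name.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        # Strict policy (assumption): rejects "shell.php.gif", "shell.gif." and bare names.
        raise UploadRejected("file name must have exactly one extension")
    ext = parts[1]
    kind = sniff_type(data)
    if kind is None:
        raise UploadRejected("content does not match any allowed type")
    if ext not in ALLOWED[kind][0]:
        raise UploadRejected("extension does not match content")
    # Never reuse the client's name: random stem, extension taken from the content.
    return f"{secrets.token_hex(16)}.{kind}"


# Constructed samples: a minimal GIF-like header and a script renamed to .gif
GIF_OK = b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 8
PHP_AS_GIF = b"<?php echo 'hello'; ?>"
```

Storing the returned name in a directory the web server does not execute scripts from completes the control.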
|Ease of Detection|Moderate|