Issue name

File upload functionality

Typical severity

Information

Issue description

File upload functionality is commonly associated with a number of vulnerabilities, including:

You should review file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

References

Vulnerability classifications

Web intro