Description

It is possible to modify the path to which an uploaded file will be saved.

Impact

- Save files in paths other than those expected by the application. - Overwrite important files within the system by referring to the path where the upload is performed.

Recommendation

Validate uploaded files names on the system and restrict the storage to destined folders only.

Threat

Anonymous attacker from external network.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes