Insecure file upload - Files Limit
Description
There is no limit to the number of files that can be uploaded to the system per unit of time, and uploading a new one does not delete the previous one from the server.
Impact
Upload large numbers of files over the upload limit size one after another, using up server storage resources indiscriminately.
Recommendation
Delete previous avatar files when uploading a new one, apply throttling.
Threat
Attacker from the Internet with valid session token to upload files.
Expected Remediation Time
⏱️ 45 minutes.