413 – Insecure file upload - DLL Injection

Description

The application does not properly validate the DLL files, allowing the injection of malicious DLLS

Impact

Inject backdoors, virus, or other types of malicious files into the application

Recommendation

- Verify with an antivirus that the imported DLLs do not contain virus, backdoors or potentially harmful information - Define a white-list of allowed DLLs and their respective integrity hashes

Threat

Anonymous attacker from local machine

Expected Remediation Time

20 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: L
• Attack complexity: L
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 040 - Compare file format and extension
• 041 - Scan files for malicious code

Fixes

• Csharp

Last updated

2024/02/21