DerScanner
Home / Vulnerability Database / C-sharp : Unsafe file upload
C#

C-sharp : Unsafe file upload

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-Injection
OWASP Top 10 2021
A3-Injection
OWASP ASVS
Files and ResourcesFiles and Resources
PCI DSS 4.0
6.2.4
CWE
CWE-1027

Overview

The application saves a file from an untrusted source. This can be exploited to upload malicious data or code to the server.

If users can upload files to a publicly accessible directory, an attacker can use this for remote execution of malicious code on the server.

References

  1. OWASP Top 10 2017-A1-Injection
  2. OWASP Top 10 2013-A1-Injection
  3. CWE-434: Unrestricted Upload of File with Dangerous Type
  4. HtmlInputFile Class - msdn.microsoft.com
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
LOW

DerScanner Severity Score

Do you want to fix C-sharp : Unsafe file upload in your application?

See also

C#

C-sharp : JWT: None Algorithm

C#

C-sharp : Insecure data transmission: Database

C#

C-sharp : Only one of method Equals() and GetHashCode() defined