DerScanner
Home / Vulnerability Database / Java : Unsafe file upload
Java

Java : Unsafe file upload

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-Injection
OWASP Top 10 2021
A3-Injection
OWASP ASVS
Files and ResourcesFiles and Resources
PCI DSS 4.0
6.2.4
CWE
CWE-1027

Overview

The application receives a file attached to a SOAP-message. This can be exploited to upload malicious data or code to the server.

If users can upload files to a publicly accessible directory, an attacker can use this for remote execution of malicious code on the server.

References

  1. OWASP Top 10 2017-A1-Injection
  2. OWASP Top 10 2013-A1-Injection
  3. CWE-434: Unrestricted Upload of File with Dangerous Type
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
LOW

DerScanner Severity Score

Do you want to fix Java : Unsafe file upload in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage