Unrestricted File Upload

high Web App Scanning Plugin ID 114283

Synopsis

Unrestricted File Upload

Description

Unrestricted file upload vulnerability occurs when the application suffers from a lack of validation of files being uploaded to its filesystem. When an attacker is able to upload files not matching the application expectations in terms of names, type, content or size, it could lead to various issues such as arbitrary files overwrite, denial of service or even remote code execution.

Note that this plugin requires the 'File Upload' assessment option enabled in the scan configuration.

Solution

Ensure that all controls apply on the file being uploaded : - Implement an allowlist of the accepted file extensions and ensure that it cannot be bypassed. - Ensure that the permissions applied on the uploaded file are set to the strict minimum and prevents execution. - Ensure that the filename does not contain any substring that could be used by the function writing the file as a directory traversal pattern. - Rename the uploaded files to avoid overwriting local system files. - Ensure that the file size is acceptable and not too big, to avoid service disruption due to disk space consumption or overbilling when using cloud services.

See Also

https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload

Plugin Details

Severity: High

ID: 114283

Type: remote

Published: 6/5/2024

Updated: 9/26/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.2

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:C/A:P

CVSS Score Source: Tenable

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CVSS Score Source: Tenable

CVSS v4

Risk Factor: High

Base Score: 8.8

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information