Malicious File Upload
Variants:
Direct
Also Known As:
Untrestricted File Upload, Malicious File Execution
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Input Validation
Invented In:
29/01/1999
Added In:
17/12/2014
Vector Operation Method:
Attacker can abuse file upload features to upload malicious files that can be used against the system and its legitimate users for a variety of malicious operations, such as accessing the file and executing it on the server, exposing the harmful file content to legitimate users, etc.
