File Upload

Home/Alerts/Alert detail/

Risk:
Medium

Type:
Active

Summary: File Upload scan rule is used to scan the vulnerabilities in the File Upload functionality of web applications.

Solution: Follow the suggestions mentioned in following links: 1. https://portswigger.net/kb/issues/00500980_file-upload-functionality 2. https://www.youtube.com/watch?v=CmF9sEyKZNo

References: https://cwe.mitre.org/data/definitions/434.html

Latest Security News

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

CWE top 25 most dangerous software weaknesses

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Common Alerts

InformationalContent-Type Header Empty

HighOut of Band XSS

MediumContent Security Policy (CSP) Header Not Set

InformationalPossible Username Enumeration

InformationalStorable and Cacheable Content

LowCookie Without Secure Flag

HighSpring4Shell

MediumHTTP to HTTPS Insecure Transition in Form Post

InformationalStorable but Non-Cacheable Content

InformationalHTTP Parameter Pollution

Latest CVE List

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

Top CWE List

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

HighCWE-805 Buffer Access with Incorrect Length Value

CWE-1072 Data Resource Access without Use of Connection Pooling

CWE-1091 Use of Object without Invoking Destructor Method

CWE-1174 ASP.NET Misconfiguration: Improper Model Validation

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

MediumCWE-190 Integer Overflow or Wraparound

LowCWE-262 Not Using Password Aging

CWE-36 Absolute Path Traversal

Free security scan for your website

Don't show website scan report rating on the leaderboard