Improper File Upload Validation

leochan168
Member II

Improper File Upload Validation

File upload validation is a frequently used technique for checking potentially dangerous uploads in order to ensure that the uploads are safe for processing within the code, or when communicating with other components. Incomplete or missing upload validation leads to parts of the system receiving unintended uploads.

The penetration tester found that the upload feature accepts all file extensions, such as .exe, .jsp, .php, etc. We also found that the upload feature does not have a size limitation and accepts any file size when a user uploads a file to the application.


This improper file upload validation could allow an attacker to deliver a file with malicious intent.

1 Reply
angelborroy
Alfresco Employee

Re: Improper File Upload Validation

Since the product allows uploading every file type, there are different solutions from Community addons that may help to restrict the mimetypes accepted in the Repository.

This addon from @abhinavmishra14 is recommended when dealing with this vulnerability:

https://github.com/abhinavmishra14/alfresco-mimetype-blocker

Hyland Developer Evangelist
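As an added illustration of the three checks the thread asks for (extension allowlist, size limit, and a content check so a renamed .php or .exe is not accepted as an image), here is a small server-side validator; this is example code, not part of the thread or of the alfresco-mimetype-blocker addon, and the allowlist, signatures and size limit are constructed for the example.

```python
import os

# Constructed policy: allowed extensions and the file signatures ("magic bytes")
# that content claiming each extension must start with. Anything not listed
# (.exe, .jsp, .php, ...) is rejected outright.
ALLOWED_SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # constructed 10 MiB limit


def validate_upload(filename: str, data: bytes, max_bytes: int = MAX_UPLOAD_BYTES):
    """Return (accepted, reason).

    Rejects empty and oversized uploads, extensions outside the allowlist,
    and files whose bytes do not match the signature of the declared type.
    """
    if len(data) == 0:
        return False, "empty file"
    if len(data) > max_bytes:
        return False, f"file exceeds {max_bytes} bytes"

    # Strip any path component the client sent, then judge by the LAST
    # extension only, so "shell.php.png" must actually carry PNG bytes.
    base = os.path.basename(filename.replace("\\", "/"))
    _, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension {ext or '(none)'} not in allowlist"

    # Content check: the declared extension must agree with the bytes.
    if not any(data.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return False, f"content does not match {ext} signature"
    return True, "ok"
```

A signature check catches renamed executables and scripts but not hostile content inside a genuinely valid container, so accepted files should still go through the repository's normal content scanning.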