File upload validation is a frequently used technique for checking potentially dangerous uploads in order to ensure that the uploads are safe for processing within the code, or when communicating with other components. Incomplete or missing upload validation leads to parts of the system receiving unintended uploads.
A penetration tester found that the upload feature accepts all file extensions, such as .exe, .jsp, .php, etc. We also found that the upload feature has no size limitation and accepts any file size when a user uploads a file to the application.
This improper file upload validation could allow an attacker to deliver a file for malicious intent.
Since the product allows every file type to be uploaded, there are different community addons that may help to restrict the mimetypes accepted in the Repository.
This addon from @abhinavmishra14 is recommended when dealing with this vulnerability:
https://github.com/abhinavmishra14/alfresco-mimetype-blocker
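The thread asks for upload validation the product is missing: an extension allow-list, a size cap, and a check that the bytes actually match the declared type. The following is added example code, not part of the original post or of the linked addon; `ALLOWED_TYPES`, `MAX_UPLOAD_BYTES` and the sample files are constructed values to be tuned per deployment.

```python
import os
from dataclasses import dataclass

# Constructed allow-list: extension -> accepted magic-byte prefixes (assumption, adjust per site)
ALLOWED_TYPES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # hypothetical 10 MiB cap


@dataclass
class UploadResult:
    accepted: bool
    reason: str


def validate_upload(filename: str, data: bytes) -> UploadResult:
    # Reduce the name to a bare basename so any path components are ignored
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base.startswith("."):
        return UploadResult(False, "empty or hidden filename")
    # Size checks come first: reject oversized or empty bodies before inspecting content
    if len(data) > MAX_UPLOAD_BYTES:
        return UploadResult(False, f"exceeds {MAX_UPLOAD_BYTES} bytes")
    if len(data) == 0:
        return UploadResult(False, "empty file")
    # Every extension segment must be allowed, so names like 'report.php.pdf' are rejected
    parts = base.lower().split(".")[1:]
    if not parts:
        return UploadResult(False, "missing extension")
    for p in parts:
        if "." + p not in ALLOWED_TYPES:
            return UploadResult(False, f"extension .{p} not in allow-list")
    ext = "." + parts[-1]
    # The extension is caller-controlled; the content must carry the signature of that type
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return UploadResult(False, f"content does not match {ext} signature")
    return UploadResult(True, "ok")


if __name__ == "__main__":
    # Constructed sample uploads: a real PDF header, a script body, and a mismatched type
    for name, body in [("report.pdf", b"%PDF-1.7\n%..."), ("script.php", b"<?php ?>"),
                       ("image.png", b"%PDF-1.4"), ("notes.php.pdf", b"%PDF-1.4")]:
        print(name, validate_upload(name, body))
```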