Unrestricted file upload
| State | Resolved February 11, 2021 |
| Issue ID | _pT6eOBl3 |
| Asset | Web application |
| Bounty | $500 |
| Reported in | Undisclosed |
| Reporter | Faisal Hamou |
| Severity | Medium |
| Visibility | Limited |
| Weakness | CWE 434 - Unrestricted Upload of File with Dangerous Type |
Description
In order to expose this vulnerability, the attacker must intercept the file upload request and modify data size and type to bypass restrictions.
Impact - Untrusted file types could be uploaded.
The rest of the report is undisclosed.