Unrestricted file upload

State Resolved
February 11, 2021
Issue ID _pT6eOBl3
Asset Web application
Bounty $500
Reported at Undisclosed
Reporter Faisal Hamou
Severity Medium
Visibility Limited
Weakness CWE 434 - Unrestricted Upload of File with Dangerous Type

Description

In order to expose this vulnerability, the attacker must intercept the file upload request and modify data size and type to bypass restrictions.
Impact - Untrusted file types could be uploaded.


The rest of the report is undisclosed.