Summary #

Netsparker detected code execution via file upload. Netsparker successfully uploaded a file, and when the uploaded file was requested, its code was executed in the context of the web server.

Impact #
The web server can be compromised by uploading and executing a web shell, which can run commands, browse system files, browse local resources, attack other servers, exploit local vulnerabilities, and so forth.
Remediation #
  • Never accept a filename and its extension directly without a white-list filter.
  • The upload directory should not have any "execute" permission.
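The two remediation points above, implemented as an added example (not Netsparker's code): a white-list check on the client-supplied filename and extension, followed by storage under a server-generated name with every execute bit cleared. The allowed-extension set and the sample filenames are constructed for this illustration; disabling script handlers for the upload directory in the web server itself is a separate configuration step not shown here.

```python
import os
import re
import secrets
import tempfile
from pathlib import Path

# Allow-list of extensions the application serves as static content (constructed for this example).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}
_EXT_RE = re.compile(r"^[a-z0-9]{1,5}$")

def validate_upload_name(client_name: str) -> str:
    """Return the normalised extension if the client-supplied name passes the allow-list, else raise."""
    # Drop any directory components the client sent ("../", "C:\..."): only the leaf name matters.
    base = os.path.basename(client_name.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    # Exactly one dot with a non-empty stem: rejects "shell.php.jpg", "shell.php%00.jpg",
    # ".htaccess" and extensionless names, which a plain endswith() check would miss.
    if not dot or not stem or "." in stem:
        raise ValueError(f"rejected filename: {base!r}")
    ext = ext.lower()
    # Character check before the set lookup, so variants like "jpg;" or "jpg " never reach the disk.
    if not _EXT_RE.fullmatch(ext) or ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not permitted: {ext!r}")
    return ext

def store_upload(upload_dir: Path, client_name: str, data: bytes) -> Path:
    """Write the upload under a server-generated name with no execute bits set."""
    ext = validate_upload_name(client_name)
    upload_dir.mkdir(parents=True, exist_ok=True)
    # The stored name is chosen by the server, so the client never controls the path on disk.
    dest = upload_dir / f"{secrets.token_hex(16)}.{ext}"
    # O_EXCL refuses to overwrite an existing file; mode 0o640 leaves every execute bit clear.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest

def demo() -> tuple:
    """Round trip in a temporary directory: (stored extension, execute bits on the file, names rejected)."""
    rejected = 0
    for bad in ("shell.php", "image.php.jpg", ".htaccess", "shell.php%00.jpg", "x.jpg;.php"):
        try:
            validate_upload_name(bad)
        except ValueError:
            rejected += 1
    with tempfile.TemporaryDirectory() as tmp:
        dest = store_upload(Path(tmp), "../../photo.PNG", b"\x89PNG constructed sample")
        exec_bits = os.stat(dest).st_mode & 0o111
        return dest.suffix, exec_bits, rejected
```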
Classifications #
PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-210, CWE-94, HIPAA-94, ISO27001-A.14.2.5, WASC-42, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H