This vulnerability occurs when an application uses the name or extension of an uploaded file to decide how to handle it. Attackers can manipulate this by uploading files with deceptive names, causing the application to process them incorrectly and potentially dangerously.
Applications often inspect a file's name or extension to determine the next steps—like which interpreter to use, what data to display, or which resources to allocate. If an attacker uploads a file with a misleading name (e.g., 'malicious.php.gif'), the system might misclassify it and execute it as code instead of treating it as a simple image. This misclassification can lead directly to severe consequences, including remote code execution, denial of service, or unauthorized exposure of sensitive system or application data.
This security flaw can stem from multiple sources: a weakness in the web server software itself, an insecure application configuration, or a separate bug in the application's logic. The core issue is trusting unvalidated, user-controlled input (the filename) to make critical security decisions. To prevent this, applications must never rely solely on file names or extensions; instead, they should use positive server-side validation of the file's actual content and type.
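The following Python code is an added example, not part of the original page, showing positive server-side validation: the handling decision comes from the file's leading bytes matched against an allowlist, and the stored name and Content-Type are chosen by the server. The function names, the signature allowlist and the sample inputs are assumptions constructed for illustration.

```python
import secrets

# Allowlist: leading signature bytes -> (extension, Content-Type) chosen by the server.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"GIF87a": ("gif", "image/gif"),
    b"GIF89a": ("gif", "image/gif"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
}


class RejectedUpload(ValueError):
    """Raised when the content does not match any allowlisted type."""


def sniff_type(data: bytes):
    """Return (extension, content_type) from the file's leading bytes, or None."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def accept_upload(client_filename: str, data: bytes) -> dict:
    """Decide handling from content only; client_filename is kept as display metadata."""
    kind = sniff_type(data)
    if kind is None:
        raise RejectedUpload("content is not an allowlisted image type")
    ext, content_type = kind
    return {
        # Storage name is generated server-side, so it has exactly one
        # extension and contains nothing the client supplied.
        "stored_as": f"{secrets.token_hex(16)}.{ext}",
        "content_type": content_type,
        "display_name": client_filename,  # never used as a path or for dispatch
    }


# Constructed sample inputs (not from the original page).
SCRIPT_NAMED_AS_IMAGE = b"<?php /* constructed placeholder */ ?>"
IMAGE_NAMED_AS_SCRIPT = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00;"

if __name__ == "__main__":
    print(accept_upload("photo.php", IMAGE_NAMED_AS_SCRIPT))
    try:
        accept_upload("malicious.php.gif", SCRIPT_NAMED_AS_IMAGE)
    except RejectedUpload as exc:
        print("rejected:", exc)
```

Signature matching alone does not rule out a file that is a valid image and also carries script content; the server-generated name and fixed Content-Type are what keep such a file from being dispatched by its extension.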
Impact: Read Application Data
An attacker may be able to read sensitive data.
Impact: DoS: Crash, Exit, or Restart
An attacker may be able to cause a denial of service.
Impact: Gain Privileges or Assume Identity
An attacker may be able to gain privileges.
High