topic Improper File Upload Validation in Alfresco Forum https://connect.hyland.com/t5/alfresco-forum/improper-file-upload-validation/m-p/144545#M38365 <P>File upload validation is a frequently used technique for checking potentially dangerous uploads in order to ensure that the uploads are safe processing within the code, or when communicating with other components. Incomplete or missing upload validation leads to parts of the system receiving unintended upload.</P><P>Penetration tester found that upload feature accepting all file extensions such as .exe, .jsp, .php, etc., we also found that the upload feature also does not have size limitation and also accept any file size when user uploading file to the application.</P><P>This improper file upload validation could allows an attacker to delivers a file for malicious intent.</P> Mon, 27 Mar 2023 03:13:53 GMT leochan168 2023-03-27T03:13:53Z Improper File Upload Validation https://connect.hyland.com/t5/alfresco-forum/improper-file-upload-validation/m-p/144545#M38365 <P>File upload validation is a frequently used technique for checking potentially dangerous uploads in order to ensure that the uploads are safe processing within the code, or when communicating with other components. Incomplete or missing upload validation leads to parts of the system receiving unintended upload.</P><P>Penetration tester found that upload feature accepting all file extensions such as .exe, .jsp, .php, etc., we also found that the upload feature also does not have size limitation and also accept any file size when user uploading file to the application.</P><P>This improper file upload validation could allows an attacker to delivers a file for malicious intent.</P> Mon, 27 Mar 2023 03:13:53 GMT https://connect.hyland.com/t5/alfresco-forum/improper-file-upload-validation/m-p/144545#M38365 leochan168 2023-03-27T03:13:53Z Re: Improper File Upload Validation https://connect.hyland.com/t5/alfresco-forum/improper-file-upload-validation/m-p/144546#M38366 <P>Since the product allows to upload every file type, there are different solutions from Community addons that may help to restrict the mimetypes accepted in the Repository.</P> <P>This addon from <A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/74498">@abhinavmishra14</A> is recommended when dealing with this vulnerability:</P> <P><A href="https://github.com/abhinavmishra14/alfresco-mimetype-blocker" target="_blank" rel="nofollow noopener noreferrer">https://github.com/abhinavmishra14/alfresco-mimetype-blocker</A></P> Mon, 27 Mar 2023 07:56:29 GMT https://connect.hyland.com/t5/alfresco-forum/improper-file-upload-validation/m-p/144546#M38366 angelborroy 2023-03-27T07:56:29Z