03-26-2023 11:13 PM
File upload validation is a frequently used technique for checking potentially dangerous uploads in order to ensure that the uploads are safe for processing within the code, or when communicating with other components. Incomplete or missing upload validation leads to parts of the system receiving unintended uploads.
The penetration tester found that the upload feature accepts all file extensions such as .exe, .jsp, .php, etc. We also found that the upload feature has no size limitation and accepts any file size when a user uploads a file to the application.
This improper file upload validation could allow an attacker to deliver a file with malicious intent.
03-27-2023 03:56 AM
Since the product allows uploading every file type, there are different solutions from Community addons that may help restrict the mimetypes accepted in the Repository.
This addon from @abhinavmishra14 is recommended when dealing with this vulnerability:
https://github.com/abhinavmishra14/alfresco-mimetype-blocker
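As an added illustration of the controls discussed in both posts above (an extension allowlist, a size cap, and checking that the content actually matches the declared type), here is a small server-side validator. It is example code written for this thread, not the linked addon's code and not Alfresco-specific; the allowed types, the 10 MiB limit and the magic-byte table are assumed policy values you would replace with your own.

```python
"""Server-side upload validation (example code, not the addon's implementation).

Checks, in order: the client-supplied filename carries an allowlisted
extension, the byte count is within the cap, and the first bytes of the
content (read by the server, not the client's Content-Type header) match
the type that extension promises."""
import os
import uuid
from dataclasses import dataclass
from typing import Optional

# Assumed policy values; adjust to the application's real requirements.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # 10 MiB

# Allowed extension -> MIME type it must contain. This is an allowlist:
# anything not listed (.exe, .jsp, .php, ...) is rejected by default.
ALLOWED_TYPES = {
    "png": "image/png",
    "jpg": "image/jpeg",
    "jpeg": "image/jpeg",
    "pdf": "application/pdf",
}

# Leading bytes ("magic numbers") for each allowed MIME type.
MAGIC = {
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "application/pdf": [b"%PDF-"],
}


@dataclass
class Verdict:
    ok: bool
    reason: str
    mimetype: Optional[str] = None


def sniff_mimetype(head: bytes) -> Optional[str]:
    """Return the MIME type whose signature the leading bytes match, else None."""
    for mime, signatures in MAGIC.items():
        if any(head.startswith(sig) for sig in signatures):
            return mime
    return None


def validate_upload(filename: str, size: int, head: bytes) -> Verdict:
    """Validate one upload from its client filename, byte count and leading bytes."""
    # Keep only the base name so directory components in the client name
    # (forward or backward slashes) never influence the decision.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base or "." not in base:
        return Verdict(False, "missing or malformed filename")
    ext = base.rsplit(".", 1)[1].lower()
    expected = ALLOWED_TYPES.get(ext)
    if expected is None:
        return Verdict(False, f"extension .{ext} not in allowlist")
    if size <= 0 or size > MAX_UPLOAD_BYTES:
        return Verdict(False, f"size {size} outside 1..{MAX_UPLOAD_BYTES} bytes")
    actual = sniff_mimetype(head)
    if actual != expected:
        return Verdict(False, f"content looks like {actual or 'unknown'}, expected {expected}")
    return Verdict(True, "accepted", expected)


def safe_stored_name(ext: str) -> str:
    """Server-generated storage name: the client's name is never reused on disk."""
    return f"{uuid.uuid4().hex}.{ext}"


def demo() -> list:
    """Run the validator over constructed sample uploads and return the verdicts."""
    samples = [  # (client filename, byte count, first bytes) -- constructed
        ("report.pdf", 4096, b"%PDF-1.7\n"),
        ("shell.php", 120, b"<?php echo 1;"),
        ("photo.png", 900, b"\xff\xd8\xff\xe0JFIF"),          # JPEG bytes, .png name
        ("huge.png", MAX_UPLOAD_BYTES + 1, b"\x89PNG\r\n\x1a\n"),
    ]
    return [validate_upload(*s) for s in samples]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The size argument is whatever the server counted while streaming the body, and `head` is the first few bytes it read; neither comes from the client's declared headers. Accepted files are stored under a name from `safe_stored_name`, so the client-chosen name only ever serves as input to the check.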