CWE-646
Reliance on File Name or Extension of Externally-Supplied File
The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.
Official CWE-646 definition at MITREImpactr finds and proves weaknesses like CWE-646 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist