- Uploading files has become a key feature for most modern web apps
- However, when web app devs enable this feature, they also take the risk of allowing end-users to store their potentially malicious data on the web app's back-end server
- If user input and uploaded files are not correctly filtered and validated, attackers may be able to exploit the file upload feature to perform malicious activities, such as executing arbitrary commands on the back-end server
- File upload vulnerabilities are amongst the most common vulnerabilities found in web and mobile applications, as we can see in the latest [CVE Reports](https://www.cvedetails.com/vulnerability-list/cweid-434/vulnerabilities.html)
- We can also see that most of these vulnerabilities are scored as `High` or `Critical` vulnerabilities
# Types of File Upload Attacks
- The most common reason behind file upload vulns is weak file validation and verification
- The worst possible kind of file upload vuln is an `unauthenticated arbitrary file upload`
- With this type of vulnerability, a web app allows any unauthenticated user to upload any file type, making it one step away from allowing any user to execute code on the back-end server
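The notes above attribute most file upload vulnerabilities to weak validation. The following added example (not from the original notes or any particular framework) shows what "weak" versus "hardened" server-side validation looks like in practice: a naive check that only looks for an allowed extension somewhere in the filename, beside a check that enforces a single allowed extension, matches the file content against the expected magic bytes, rejects path components and odd names, limits size, and replaces the user-supplied name with a random one before storage. The allowlist, size limit, and sample files are assumptions constructed for the example.

```python
"""Weak vs. hardened server-side upload validation (added example).

Framework-agnostic: each function takes the client-supplied filename and
the raw upload bytes and returns a decision, so it can be called from any
upload handler. Sample files below are constructed inline.
"""
import os
import re
import secrets
from typing import Tuple

# Assumed allowlist for an "image/document upload" feature.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Leading bytes (magic numbers) expected for each allowed extension.
MAGIC = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit (5 MiB)

# Constructed sample payloads: a minimal PNG header and a PHP source file.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLE_PHP = b"<?php echo 'hello'; ?>"


def weak_is_allowed(filename: str) -> bool:
    """The kind of check that leads to file upload vulnerabilities.

    Passes if any allowed extension appears anywhere in the name, so
    'shell.png.php' and 'shell.php.png' both get through, and the file
    content is never inspected at all.
    """
    name = filename.lower()
    return any(ext in name for ext in ALLOWED_EXTENSIONS)


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Hardened check. Returns (accepted, reason_or_storage_name).

    On success the second element is a random server-chosen filename
    that keeps only the validated extension; the client name is never
    used on disk.
    """
    if len(data) == 0 or len(data) > MAX_BYTES:
        return False, "bad size"

    # Reject anything that is not a bare filename (path traversal attempts).
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename:
        return False, "path components in filename"

    # Exactly one extension: split on the last dot and require a non-empty stem.
    stem, sep, ext = base.rpartition(".")
    if not sep or not stem:
        # Also rejects dotfiles such as '.htaccess' (empty stem).
        return False, "missing extension"
    if "." in stem:
        # Conservative: refuse double extensions like 'shell.php.png' outright.
        return False, "multiple extensions"
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,100}", stem):
        # Catches null bytes, control characters and overlong names.
        return False, "bad characters in filename"

    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"

    # The content must look like what the extension claims it is.
    if not any(data.startswith(m) for m in MAGIC[ext]):
        return False, "content does not match extension"

    storage_name = secrets.token_hex(16) + "." + ext
    return True, storage_name


if __name__ == "__main__":
    for name, payload in [("avatar.png", SAMPLE_PNG), ("shell.png.php", SAMPLE_PHP),
                          ("shell.php.png", SAMPLE_PHP), ("avatar.png", SAMPLE_PHP),
                          ("../../etc/x.png", SAMPLE_PNG)]:
        print(f"{name:20} weak={weak_is_allowed(name)!s:5} "
              f"hardened={validate_upload(name, payload)}")
```

The weak function accepts every sample name, including ones whose content is PHP source, which is exactly the "weak file validation and verification" the notes describe. The hardened function treats the filename and the bytes as two independent, untrusted inputs and never lets either decide where or under what name the file is written; the random storage name also means that even a file which passes validation cannot be reached at a path the uploader chose.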