Arbitrary File Upload Vulnerability in OutSystems Platform 10

Arbitrary File Upload Vulnerability in OutSystems Platform 10

CVE-2020-29441 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.

Learn more about our Web Application Penetration Testing UK.