CWE-646
Overview
- CWE ID
- 646
- CWE Name
- Reliance on File Name or Extension of Externally-Supplied File
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.
Extended Description
An application might use the file name or extension of of a user-supplied file to determine the proper course of action, such as selecting the correct process to which control should be passed, deciding what data should be made available, or what resource
Related CWEs
CWE ID | View ID | Nature | Ordinal |
---|---|---|---|
345 | 1000 | ChildOf | Primary |