/vulndb/Unrestricted File Upload

This vulnerability may allow an attacker to upload malicious executable files onto the web server's file system, where they can be used to deploy backdoors and other types of offensive tools.

Solution

The upload facility should allow only a restricted group of file types to be uploaded. For example, if the facility has been designed to upload images, it should allow only .gif, .jpg and .png files.
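
One way to enforce this allowlist on the server, as an added example that is not part of the original entry. It goes beyond the extension check described above by also comparing the file's leading bytes with the declared type and by storing the file under a server-generated name; the function name validate_upload and the sample inputs are hypothetical.

```python
import os
import uuid

# Allowlist from the text: images only. Each extension maps to the
# leading bytes (file signatures) a genuine file of that type starts with.
ALLOWED = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def validate_upload(client_filename: str, content: bytes) -> str:
    """Return a safe server-side filename, or raise ValueError.

    validate_upload is a hypothetical helper name used for this example.
    """
    # Drop any directory part the client sent (both separator styles).
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "\x00" in base:
        raise ValueError("NUL byte in filename")
    # Only the final extension counts; compare case-insensitively.
    ext = os.path.splitext(base)[1].lower()
    signatures = ALLOWED.get(ext)
    if signatures is None:
        raise ValueError(f"extension {ext!r} is not allowed")
    # The extension is client-controlled, so check the content as well.
    if not content.startswith(signatures):
        raise ValueError("content does not match the declared file type")
    # Never reuse the client's name on disk: this discards inner
    # extensions such as "name.php.jpg" and any path components.
    return uuid.uuid4().hex + ext


if __name__ == "__main__":
    # Constructed sample inputs (not taken from the original entry).
    samples = [
        ("photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("page.php", b"<?php echo 1; ?>"),
        ("logo.gif", b"<?php echo 1; ?>"),
    ]
    for name, data in samples:
        try:
            print(name, "->", validate_upload(name, data))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

A signature check only confirms how the file begins, so uploads should still be stored outside the web root or in a directory where the server will not execute them.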

References

http://software-security.sans.org/blog/2009/12/28/8-basic-rules-to-implement-secure-file-uploads/