Malicious File Upload Risk

Objective

To mitigate the risk of unauthorized or harmful file uploads to the server.


Issue

Malicious actors can upload harmful files to the server, which may lead to security vulnerabilities or system compromise.


Impact

  • Execution of malicious code
  • Unauthorized access or data manipulation
  • Potential system compromise

Affected Area

  • File Upload Functionality

Solution

This issue has been addressed in AutomationEdge version 8.1.0.


Recommendation

  • Upgrade to AE version 8.1.0 or above
  • Restrict file uploads to only required file types using a whitelisting approach; allowed types:
      ◦ .pdf
      ◦ .doc / .docx
      ◦ .xls / .xlsx
      ◦ .csv
      ◦ .txt
      ◦ .jpg / .jpeg
      ◦ .png

Restricted File Types

  • .exe, .bat, .sh, .js, .jar, .war, .php, .py, .cmd

Validation

  • Verify application version is 8.1.0 or higher
  • Attempt uploading restricted file types → should be blocked
  • Confirm only allowed file types are accepted

Note

  • Use whitelisting (allow only required file types) for better security
  • Validate both file extension and MIME type
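The following is an added example of the allowlist check the Recommendation and Note sections describe; it is not AutomationEdge code. The allowed and restricted extension sets are taken from this advisory; the magic-byte table, the expected-MIME mapping and the validate_upload function name are assumptions made for illustration. The check rejects names that carry a restricted extension anywhere (for example report.pdf.exe), accepts only allowlisted final extensions, compares the client-declared MIME type with the extension, and then inspects the leading bytes of the content so that a renamed executable is not accepted as an image or document.

```python
"""Allowlist-based upload validation: extension, declared MIME type and content check.

Added example, not AutomationEdge code. The allowed/restricted extension sets follow
the advisory; the magic-byte table, MIME mapping and validate_upload API are assumptions.
"""
import os

# Allowed extensions from the advisory's allowlist (lower-case, with leading dot).
ALLOWED_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".csv", ".txt", ".jpg", ".jpeg", ".png",
}

# Restricted extensions from the advisory; rejected if they appear anywhere in a
# multi-part name such as "report.pdf.exe" or "shell.php.png".
DENIED_EXTENSIONS = {".exe", ".bat", ".sh", ".js", ".jar", ".war", ".php", ".py", ".cmd"}

# Leading bytes expected for the binary formats on the allowlist (assumed minimal table:
# .doc/.xls use the OLE2 compound-file header, .docx/.xlsx are ZIP containers).
MAGIC_BYTES = {
    ".pdf":  [b"%PDF-"],
    ".png":  [b"\x89PNG\r\n\x1a\n"],
    ".jpg":  [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".doc":  [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".xls":  [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
}

# Text formats: accepted only if the header is UTF-8 text without NUL bytes.
TEXT_EXTENSIONS = {".csv", ".txt"}

# MIME types a client may declare for each allowed extension (assumed mapping).
EXPECTED_MIME = {
    ".pdf": {"application/pdf"},
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
    ".jpeg": {"image/jpeg"},
    ".doc": {"application/msword"},
    ".docx": {"application/vnd.openxmlformats-officedocument.wordprocessingml.document"},
    ".xls": {"application/vnd.ms-excel"},
    ".xlsx": {"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"},
    ".csv": {"text/csv", "text/plain"},
    ".txt": {"text/plain"},
}


def validate_upload(filename: str, declared_mime: str, head: bytes) -> tuple:
    """Return (accepted, reason). ``head`` holds the first bytes of the upload body."""
    # Drop any client-supplied directory component; only the base name is considered.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base in (".", ".."):
        return False, "empty or invalid file name"

    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing extension"
    suffixes = {"." + p for p in parts[1:]}   # every extension in the name
    ext = "." + parts[-1]                      # the final (effective) extension

    if suffixes & DENIED_EXTENSIONS:
        return False, "restricted extension in name"
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext} not in allowlist"

    # The declared MIME type must agree with the extension (parameters such as
    # "; charset=utf-8" are ignored).
    if declared_mime.split(";")[0].strip().lower() not in EXPECTED_MIME[ext]:
        return False, "declared MIME type does not match extension"

    # Content check: the bytes must look like the format the extension claims.
    if ext in TEXT_EXTENSIONS:
        if b"\x00" in head:
            return False, "binary content in text file"
        try:
            # Assumes the caller passes a head that ends on a character boundary.
            head.decode("utf-8")
        except UnicodeDecodeError:
            return False, "text file is not valid UTF-8"
        return True, "ok"

    if not any(head.startswith(sig) for sig in MAGIC_BYTES[ext]):
        return False, f"content does not look like {ext}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads (name, declared MIME type, leading bytes).
    samples = [
        ("report.pdf", "application/pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),
        ("shell.php.png", "image/png", b"\x89PNG\r\n\x1a\n"),
        ("tool.exe", "application/octet-stream", b"MZ\x90\x00"),
        ("fake.png", "image/png", b"MZ\x90\x00"),
        ("../../etc/passwd", "text/plain", b"root:x:0:0"),
    ]
    for name, mime, head in samples:
        print(name, "->", validate_upload(name, mime, head))
```

Usage: call validate_upload with the uploaded file name, the Content-Type the client declared, and the first few hundred bytes of the body before the file is written anywhere. The reason string is meant for server-side logging; a client should only see a generic rejection.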
