- Description
- The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.4
- Impact score
- 2.7
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2025-28168 Unrestricted File Upload Vulnerability in Outsystems Multiple File Upload < 3.1.0 https://t.co/I1VD1KMhGD
@VulmonFeeds
5 May 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-28168 Outsystems Multiple File Upload < 3.1.0 is vulnerable to Unrestricted File Upload. The vulnerability is because file extension and size validations are enforced solel… https://t.co/SzuSm7lK1M
@CVEnew
5 May 2025
417 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes