File uploads represent a easy way for an attacker to inject malicious
code into your application. You need to ensure uploaded files are kept
at arm’s length until they are fully secured, or else you risk creating
an easy route to having your systems compromised.
Sophisticated hackers typically exploit a combination of vulnerabilities when
attacking your site – uploading malicious code to a server is step one in the
hacker playbook. The next step is finding a way to execute the malicious code.
Even big companies
fall foul to this vulnerability, particularly if they are running complex,
legacy code bases.