
High-Risk Issue: File Upload Mechanism Accepts Arbitrary File Types Without Filtering #426

@mayur-bhawar

Description


The application allows users to upload any file type (e.g. php, exe, html, svg) into collection folders without validating file content, type, or extension.

• This allows attackers to upload executable or interpretable files that can be executed or served by the server. If the file upload is tied to public access or is executed by the web app, it becomes a launching point for various client-side or server-side attacks.

Security Impact

• Lack of validation on file extension, MIME type, and content, together with missing server-side enforcement, causes this vulnerability.
• Leads to multiple attack vectors such as:

  • Remote Code Execution (if a web shell is uploaded)
  • Stored XSS (via HTML/JS/SVG files)
  • Malware distribution (EXE/DLL upload)
  • File overwrite or path traversal
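The server-side checks the report says are missing (extension allowlist, content validation against the file's magic bytes, and a traversal-safe destination path inside the collection folder), as an added example written for this issue, not code from the reported project. The allowlist, signatures, `uploads` directory and function names are assumptions chosen for the illustration.

```python
import os
import re

# Constructed allowlist for the example: permitted extension -> accepted magic bytes.
# Anything not listed here (php, exe, html, svg, ...) is rejected by default.
ALLOWED_SIGNATURES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF-"],
}

# Plain names only: no leading dot (blocks .htaccess-style names), no separators.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,119}$")


def sanitize_filename(name: str) -> str:
    """Drop any directory component the client sent and reject odd names."""
    base = os.path.basename(name.replace("\\", "/"))
    if base in ("", ".", "..") or not SAFE_NAME.match(base):
        raise ValueError(f"unsafe filename: {name!r}")
    return base


def validate_upload(filename: str, content: bytes) -> str:
    """Return the sanitized name if extension AND content pass; raise ValueError otherwise."""
    base = sanitize_filename(filename)
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_SIGNATURES:
        raise ValueError(f"extension not allowed: {ext or '(none)'}")
    # Trusting the client-supplied MIME type is not enough; check the actual bytes.
    if not any(content.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        raise ValueError(f"content does not look like {ext}")
    return base


def safe_destination(collection_dir: str, filename: str) -> str:
    """Join and verify the resolved path stays inside the collection directory."""
    root = os.path.realpath(collection_dir)
    dest = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, dest]) != root:
        raise ValueError("destination escapes the collection directory")
    return dest


def is_accepted(filename: str, content: bytes) -> bool:
    """Convenience wrapper: True only when every check in validate_upload passes."""
    try:
        validate_upload(filename, content)
        return True
    except ValueError:
        return False
```

Serving accepted files from a separate, non-executing origin with a fixed `Content-Type` closes the remaining stored-XSS angle that an allowlist alone does not.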