This weakness occurs when an attacker uploads or transfers files of dangerous types that can be automatically processed within the product's environment. Uploaded files represent a significant risk to applications.
The consequences of unrestricted file upload vary and include complete system takeover and an overloaded file system or database.
This weakness mostly occurs in applications written in ASP and PHP. When the receiving application treats uploaded code as its own, attackers can easily control the system and cause arbitrary code execution.
The weakness is introduced during the Architecture and Design and the Implementation stages.
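The following is an added example, not part of the original page: a server-side upload check that addresses both consequences named above (execution of an uploaded script and an overloaded file system). The allowed types, the size cap and all names in it are assumptions chosen for illustration.

```python
import os
import secrets

# Assumed policy for this example: only these image types are accepted.
# Each allowed extension maps to the leading bytes its content must have.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed cap; guards against filling the file system


class UploadRejected(Exception):
    """Raised when an upload violates the policy."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if "\x00" in client_name:
        raise UploadRejected("bad file name")
    # Drop any client-supplied directory part (both separator styles).
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    # Allowlist on the final extension: .php, .asp and anything else
    # not listed is refused, rather than trying to enumerate bad types.
    ext = os.path.splitext(base)[1]
    magic = ALLOWED.get(ext)
    if magic is None:
        raise UploadRejected("extension not allowed")
    # The content must start with the signature of the claimed type.
    if not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    # The stored name contains no client-controlled text, so earlier
    # extensions such as "page.php.png" never reach the file system.
    return secrets.token_hex(16) + ext
```

Store the accepted file outside the web root, or in a location where the server does not execute scripts. The signature check alone does not prove a file is harmless, since a file can carry a valid image header and still contain script text.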