At its core, CWE-434 occurs when an application fails to restrict file uploads to safe and intended file types. This weakness allows attackers to upload malicious files, potentially executing arbitrary code, accessing sensitive data, or gaining unauthorised access to the system.
Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.
At its core, a Use After Free vulnerability occurs when a program continues to use memory after it has been freed or deallocated. This behaviour can result in undefined behaviour, ranging from crashes and data corruption to critical security breaches, including arbitrary code execution.
OS Command Injection occurs when an application dynamically constructs operating system (OS) commands using untrusted inputs, enabling an attacker to execute arbitrary commands on the host system. These commands often run with the same privileges as the application, amplifying the potential impact.
Out-of-Bounds Read occurs when a program reads data past the allocated boundary of a buffer. This behaviour typically arises from improper validation of input data or incorrect indexing in memory operations. By exploiting this weakness, attackers can gain unauthorised access to sensitive information, potentially leading to security violations.