Understanding CWE-434: Unrestricted Upload of File with Dangerous Type
At its core, CWE-434 occurs when an application fails to restrict file uploads to safe and intended file types. This weakness allows attackers to upload malicious files, potentially executing arbitrary code, accessing sensitive data, or gaining unauthorised access to the system.