Details

    • Message:
      * Explicitly disable "file_uploads".
      * Update this configuration to disable "file_uploads".
    • Default Severity:
      Blocker
    • Impact:
      High
    • Likelihood:
      High
    • Covered Languages:
      PHP
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-434
    • OWASP:
      A6
    • SANS Top 25:
      Insecure Interaction Between Components

      Description

      file_uploads is a PHP configuration directive, enabled by default, that allows files to be uploaded to your site. Since accepting files from strangers is inherently dangerous, this feature should be disabled unless it is absolutely necessary for your site.

      This rule raises an issue when file_uploads is not explicitly disabled.

      Noncompliant Code Example

      ; php.ini
      file_uploads=1  ; Noncompliant
      

      Compliant Solution

      ; php.ini
      file_uploads=0
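
As an added example (not SonarSource's implementation of this rule), the following Python check applies the rule to the text of a php.ini and returns the two messages listed under Details. The names `check_php_ini` and `_is_disabled` are hypothetical; the boolean handling is a simplified model of php.ini, the last assignment in the file is assumed to win, and values it does not recognise are conservatively reported.

```python
import re

# Directive names in php.ini are case-sensitive. Anchoring at line start
# means commented-out lines (";file_uploads=0") never match.
_DIRECTIVE = re.compile(r"^\s*file_uploads\s*=\s*(.*)$")
# Keywords php.ini treats as boolean false (simplified model, assumption).
_FALSE_WORDS = {"", "off", "no", "false", "none"}

MSG_MISSING = 'Explicitly disable "file_uploads".'
MSG_ENABLED = 'Update this configuration to disable "file_uploads".'


def _is_disabled(raw):
    # Drop a trailing "; comment", surrounding quotes and whitespace.
    value = raw.split(";", 1)[0].strip().strip("\"'").strip().lower()
    if value in _FALSE_WORDS:
        return True
    try:
        return int(value) == 0
    except ValueError:
        return False  # "On", "yes", "true" or anything unrecognised: flag it


def check_php_ini(text):
    """Return a list of (line_number_or_None, message); empty means compliant."""
    last = None
    for number, line in enumerate(text.splitlines(), start=1):
        match = _DIRECTIVE.match(line)
        if match:
            last = (number, match.group(1))  # assumption: last assignment wins
    if last is None:
        return [(None, MSG_MISSING)]  # on by default, so silence is an issue
    if not _is_disabled(last[1]):
        return [(last[0], MSG_ENABLED)]
    return []


# Constructed sample inputs; the first two mirror the examples on this page.
SAMPLES = {
    "noncompliant": "; php.ini\nfile_uploads=1  ; Noncompliant\n",
    "compliant": "; php.ini\nfile_uploads=0\n",
    "missing": "; php.ini\nmemory_limit=128M\n",
    "commented_out": "; php.ini\n;file_uploads=0\n",
    "overridden": "file_uploads = Off\nfile_uploads = On\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_php_ini(text))
```
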
      

      See


              People

              • Assignee:
                Unassigned
                Reporter:
                ann.campbell.2 Ann Campbell