Insufficiently restricted file uploads can lead to inadvertently running malicious code. For example, a website that doesn't check the file extension of an image can be exploited by uploading a script with an extension, such as .php
or .asp
, that can be run on the server.