Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-28168

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems.

Published

2025-05-05T14:15:28.500

Last Modified

2025-09-30T17:01:40.920

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-602
Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	multiple_file_upload_project	multiple_file_upload	3.1.0	Yes

References

https://gist.github.com/IamLeandrooooo/01090be3023f5e7c7397bb9b1f5505b9 Third Party Advisory ([email protected])
https://www.outsystems.com/forge/component-overview/200/multiple-file-upload-o11 Product ([email protected])