Description

The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems.

INFO

Published Date :

2025-05-05T00:00:00.000Z

Last Modified :

2025-08-26T19:27:57.951Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-28168 vulnerability.

Vendors Products
Multiple File Upload Project
  • Multiple File Upload
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-28168.

URL Resource
https://gist.github.com/IamLeandrooooo/01090be3023f5e7c7397bb9b1f5505b9 cve-icon cve-icon
https://www.outsystems.com/forge/component-overview/200/multiple-file-upload-o11 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact