CVSS v2.0: 4.3 (Medium)
- >= 4.2.2
There is an issue where if an HTML file is uploaded with a .html
extension, but the content type is listed as being
will bypass a validation checking for images. But it will also pass the
spoof check, because a file named .html and containing actual HTML
passes the spoof check.