Vulnerability Type: - Unrestricted File Upload Vendor of Product: - Tejari Affected Product Code Base: - Bravo Solution Affected Component: - Web Interface Management. Attack Type: - Local - Authenticated Impact: - Malicious File Upload Attack Scenario: - The Web Interface of the Bravo Tejari procurement portal does not use perform server-side check on uploaded files. An attacker who has access to the application can bypass client-side checks and uploads malicious executable, on the web-server. Impact: - The uploaded files are not properly validated by the application. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application. Recommendation: - All uploaded files must be validated on both the client and server side before storing them on the server.