Shell Upload Owasp

OWASP Top 10 A8: Cross-Site Request Forgery (CSRF) CWE CWE-352. x suffers from cross site scripting and remote shell upload vulnerabilities.