User File Upload Enhanced File Type and Content Filtering - Feature Request - Deskpro Support
Our IT department completed a penetration test of our system and the security on the DeskPro user file upload system was deemed inadequate. They found that even though "php" files were blocked, adding additional "." to the end were able to get around the restriction. Also, they were concerned about the lack of content filtering because malicious code could be uploaded under a white-listed extension and then have the extension changed later.