The upload_max_filesize directive sets the maximum size of a single file uploaded to the server. This value can be changed in php.ini. Many servers set upload_max_filesize to a high value even when the application only processes small files. An attacker can view the configured upload_max_filesize by executing the phpinfo() function. The attacker can easily exploit this problem to carry out Denial of Service or code injection attacks. The attacker first tries to upload large files to the server, sending these requests from many computers. With many computers uploading large files at once, the server stops responding, and genuine users of the application are unable to use the service. This attack is called denial of service.
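A defender-side check for the over-provisioning described above, as an added example that is not part of the original page: it reads php.ini text and reports when upload_max_filesize allows more than the application needs. The function names, the sample php.ini fragments and the 5 MB application limit are assumptions, and the post_max_size check goes slightly beyond what the page covers.

```python
import re

# PHP shorthand byte multipliers (K, M, G are powers of 1024).
_UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}
# PHP's built-in defaults, used when a directive is absent from php.ini.
_DEFAULTS = {"upload_max_filesize": "2M", "post_max_size": "8M"}

def php_bytes(value):
    """Convert a PHP shorthand size such as '128M' to bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*([KMG]?)\s*", value.strip('"\''), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size value: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2).upper()]

def read_directives(ini_text):
    """Return the effective value of each directive (last assignment wins)."""
    found = dict(_DEFAULTS)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        if "=" in line:
            key, val = (part.strip() for part in line.split("=", 1))
            if key in _DEFAULTS and val:
                found[key] = val
    return found

def audit_upload_limits(ini_text, app_max_bytes):
    """List findings where php.ini allows more than the application needs."""
    d = read_directives(ini_text)
    upload = php_bytes(d["upload_max_filesize"])
    post = php_bytes(d["post_max_size"])
    findings = []
    if upload > app_max_bytes:
        findings.append(f"upload_max_filesize={d['upload_max_filesize']} "
                        f"exceeds application need of {app_max_bytes} bytes")
    if post == 0:
        findings.append("post_max_size=0 disables the request body limit")
    return findings

# Constructed sample php.ini fragments, not taken from a real server.
OVERSIZED_INI = """
; uploads
upload_max_filesize = 512M   ; raised long ago
post_max_size = 0
"""
TIGHT_INI = "upload_max_filesize = 2M\npost_max_size = 8M\n"

if __name__ == "__main__":
    for finding in audit_upload_limits(OVERSIZED_INI, 5 * 1024**2):
        print(finding)
```

The application limit passed as `app_max_bytes` should come from what the upload feature actually needs, so the check fails whenever php.ini is raised beyond it.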
The following is an example of upload_max_filesize.
The impact includes:
Beagle recommends the following fixes: