Many applications allow for files to be uploaded for various reasons. Business logic on the server-side must include checking for acceptable files; this is known as whitelisting. If such checks are weak or only address one aspect of file attributes (for example, file extensions only), attackers can exploit these weaknesses and upload unexpected file types that may be executable on the server.