What type of vulnerability is described when an attacker uploads a malicious file that executes code on other users’ systems?


The described vulnerability is Remote Code Execution (RCE). This type of vulnerability occurs when an attacker can upload or execute malicious code on a targeted system, which then allows the attacker to execute commands remotely. In scenarios involving file uploads, if the system does not properly validate or sanitize these files, an attacker could upload a harmful executable file that runs on the server. Once executed, this code can run with the same privileges as the user account of the service or application handling the file.

RCE is particularly dangerous because it can lead to full control over the affected system, potentially allowing the attacker to access sensitive data, manipulate files, or even pivot to other systems within the network. Understanding RCE is crucial for securing web applications against unauthorized access and for mitigating the risks associated with file upload functionality.
