made a management system for government departments, and later asked us to rectify the hidden security problems. One of the requirements is that the file name uploaded by the user cannot contain special characters.
is it really possible to attack the server through uploaded files?