Lucee treats POSTed files as regular form fields if they are missing the "Content-Type" multipart MIME header.
I ran into this when posting a file from Adobe ColdFusion to Lucee.
I believe this occurs due to this code:
When Adobe ColdFusion cannot automatically determine the "mimeType" attribute it doesn't set the "Content-Type" header at all. For example, if the filename was "hello.txt" instead of "hello.tmp" then it would send the correct "Content-Type". I think Lucee always sets a "Content-Type", falling back to "text/plain".
Lucee behaves differently than ColdFusion, which doesn't depend on the "Content-Type" header being present.
A workaround for Adobe ColdFusion is to specify the mimeType attribute on cfhttpparam instead of letting it automatically determine the type. However I think the "Content-Type" is optional and the bug is in Lucee. This could affect anything that posts files to Lucee.
Here's an example POST that illustrates the problem: