Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-29464
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WSO2 API Manager 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WSO2 API Manager是美国WSO2公司的一套API生命周期管理解决方案。 WSO2 API Manager 存在路径遍历漏洞,该漏洞允许无限制的文件上传和远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2022-29464
#POC DescriptionSource LinkShenlong Link
1WSO2 RCE (CVE-2022-29464) exploit and writeup.https://github.com/hakivvi/CVE-2022-29464POC Details
2Nonehttps://github.com/tufanturhan/wso2-rce-cve-2022-29464POC Details
3Pre-auth RCE bug CVE-2022-29464https://github.com/mr-r3bot/WSO2-CVE-2022-29464POC Details
4cve-2022-29464 批量脚本https://github.com/Lidong-io/cve-2022-29464POC Details
5WSO2 RCE (CVE-2022-29464) https://github.com/h3v0x/CVE-2022-29464POC Details
6 Repository containing nse script for vulnerability CVE-2022-29464 known as WSO2 RCE.https://github.com/gpiechnik2/nmap-CVE-2022-29464POC Details
7Nonehttps://github.com/0xAgun/CVE-2022-29464POC Details
8😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.https://github.com/oppsec/WSOBPOC Details
9Nonehttps://github.com/crypticdante/CVE-2022-29464POC Details
10Nonehttps://github.com/lowkey0808/cve-2022-29464POC Details
11CVE-2022-29464 POC exploithttps://github.com/superzerosec/CVE-2022-29464POC Details
121https://github.com/axin2019/CVE-2022-29464POC Details
13cve-2022-29464 EXPhttps://github.com/LinJacck/CVE-2022-29464POC Details
14A bots loader for CVE-2022-29464 with multithreadinghttps://github.com/Inplex-sys/CVE-2022-29464-loaderPOC Details
15Python script to exploit CVE-2022-29464 (mass mode)https://github.com/Chocapikk/CVE-2022-29464POC Details
16CVE-2022-29464 PoC for WSO2 productshttps://github.com/jimidk/Better-CVE-2022-29464POC Details
17Mass Exploit for CVE 2022-29464 on Carbonhttps://github.com/electr0lulz/Mass-exploit-CVE-2022-29464POC Details
18Python script to exploit CVE-2022-29464 (mass mode)https://github.com/xinghonghaoyue/CVE-2022-29464POC Details
19CVE-2022-29464 Exploithttps://github.com/Pasch0/WSO2RCEPOC Details
20Nonehttps://github.com/r4x0r1337/-CVE-2022-29464POC Details
21Nonehttps://github.com/amit-pathak009/CVE-2022-29464POC Details
22Nonehttps://github.com/amit-pathak009/CVE-2022-29464-massPOC Details
23WSO2 Arbitrary File Upload to Remote Command Execution (RCE)https://github.com/hupe1980/CVE-2022-29464POC Details
24RCE exploit for WSO2https://github.com/gbrsh/CVE-2022-29464POC Details
25Nonehttps://github.com/Jhonsonwannaa/CVE-2022-29464-POC Details
26Nonehttps://github.com/devengpk/CVE-2022-29464POC Details
27Perform With Mass Exploits In WSO Management.https://github.com/ThatNotEasy/CVE-2022-29464POC Details
28A PoC and Exploit for CVE 2022-29464https://github.com/Pushkarup/CVE-2022-29464POC Details
29SynixCyberCrimeMY CVE Exploiter By SamuraiMelayu1337 & ?/h4zzzzzz.scchttps://github.com/SynixCyberCrimeMy/CVE-2022-29464POC Details
30WSO2 RCE (CVE-2022-29464) https://github.com/hev0x/CVE-2022-29464POC Details
31Nonehttps://github.com/H3xL00m/CVE-2022-29464POC Details
32Nonehttps://github.com/n3ov4n1sh/CVE-2022-29464POC Details
33Nonehttps://github.com/c0d3cr4f73r/CVE-2022-29464POC Details
34CVE-2022-29464 exploit scripthttps://github.com/cc3305/CVE-2022-29464POC Details
35Nonehttps://github.com/Sp3c73rSh4d0w/CVE-2022-29464POC Details
36Nonehttps://github.com/0xwh1pl4sh/CVE-2022-29464POC Details
37Nonehttps://github.com/N3rdyN3xus/CVE-2022-29464POC Details
38Nonehttps://github.com/NyxByt3/CVE-2022-29464POC Details
39Nonehttps://github.com/h3xcr4ck3r/CVE-2022-29464POC Details
40Nonehttps://github.com/mpvx/CVE-2022-29464POC Details
41Nonehttps://github.com/n3rdh4x0r/CVE-2022-29464POC Details
42Python script to exploit CVE-2022-29464 (mass mode)https://github.com/g0dxing/CVE-2022-29464POC Details
43Nonehttps://github.com/c1ph3rbyt3/CVE-2022-29464POC Details
44Mass Exploit for CVE 2022-29464 on Carbonhttps://github.com/hxlxmj/Mass-exploit-CVE-2022-29464POC Details
45😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.https://github.com/000pp/WSOBPOC Details
46Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-29464.yamlPOC Details
47Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/WSO2%20fileupload%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%20CVE-2022-29464.mdPOC Details
48Nonehttps://github.com/h3x0v3rl0rd/CVE-2022-29464POC Details
49A bots loader for CVE-2022-29464 with multithreadinghttps://github.com/SystemVll/CVE-2022-29464-loaderPOC Details
50😭 WSOB is a python tool created to exploit the new vulnerability on WSO2 assigned as CVE-2022-29464.https://github.com/0xdsm/WSOBPOC Details
51A bots loader for CVE-2022-29464 with multithreadinghttps://github.com/SystemVll/CVE-2022-29464POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-29464
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2022-29464

No comments yet

Leave a comment