漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution
Vulnerability Description
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
WSO2 Enterprise Integrator 安全漏洞
Vulnerability Description
WSO2 Enterprise Integrator是美国WSO2公司的一套开源的混合集成平台。该平台支持多个应用程序之间进行通信。 WSO2 Enterprise Integrator存在安全漏洞,该漏洞源于BPEL上传器SOAP服务端点未正确验证用户提供的文件名,可能导致任意文件上传。
CVSS Information
N/A
Vulnerability Type
N/A