An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious a

PRODUCTS

02-06-2025 19:20

CVE-2024-7074 Vulnerabilidad documentada

6.8 MEDIUM

Tags

#exploit

#server

#product

#admin

#products

#vulnerability

#improper

#arbitrary

#remote

#privilege

#malicious

#execution

#attack

Descripción

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input SOAP admin services. A malicious actor with administrative privileges can an a user-controlled location on the server. By leveraging this vulnerability, attacker could specially crafted payload, potentially achieving remote code execution (RCE) server. Exploitation requires valid credentials, limiting its impact authorized but users.

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3566/

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2024-7074

Resultados similares

Coincidentes en almenos en 50% de los tags

04-06-2025 CVE-2025-1701
CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could expl...
Ver información

04-06-2025
Cisco Unified Communications Products Command Injection Vulnerability A vulnerability in t...
Ver información