| Name | wso2_file_upload_rce |
| CVE | CVE-2022-29464 |
| Exploit Pack | CANVAS |
| Description | wso2_file_upload_rce |
| Notes | CVE Name: CVE-2022-29464 NOTES: Certain WSO2 products allow unrestricted file uploads which may result in remote code execution (RCE). This occurs due to a directory traversal vulnerability triggered within the Content-Disposition. Tested against: - WSO2 API Manager 2.5.0 - WSO2 API Manager 3.2.0 - WSO2 API Manager 4.0.0 CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2022-29464 CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date public: 04/18/22 |
| Learn more about the CANVAS Exploit Pack here: CANVAS |