The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: twcert
Published: 2022-11-10T02:20:44.321299Z
Updated: 2024-09-16T22:01:59.565Z
Reserved: 2022-08-30T00:00:00
Link: CVE-2022-39036

No data.

Status : Modified
Published: 2022-11-10T15:15:14.443
Modified: 2024-11-21T07:17:25.333
Link: CVE-2022-39036

No data.