The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2022-11-10T02:20:44.321299Z
Updated: 2024-09-16T22:01:59.565Z
Reserved: 2022-08-30T00:00:00
Link: CVE-2022-39036
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-11-10T15:15:14.443
Modified: 2022-11-15T17:18:17.760
Link: CVE-2022-39036
Redhat
No data.