CVE-2022-29464

CVSS 9.8 (Critical) · EPSS 100.0% · listed in KEV · CWE-22
In short

A flaw in several WSO2 products allows unauthenticated attackers to upload files without restriction into sensitive directories, which leads to arbitrary code execution on the server. The attacker abuses a file upload endpoint, placing path traversal sequences in the upload's Content-Disposition header to bypass the intended location checks.

Technical detail

The vulnerability is in the /fileupload endpoint, where insufficient validation of the filename carried in the multipart Content-Disposition header allows directory traversal (CWE-22). An unauthenticated attacker can craft an upload request whose filename contains traversal sequences (e.g., ../../../../repository/deployment/server/webapps) so that the file is written under the web root, which yields remote code execution. Affected versions span multiple WSO2 products, including API Manager, Identity Server, Enterprise Integrator and Open Banking components.
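The defensive counterpart to the flaw described above, as an added example that is not WSO2 code: a hardened handler that extracts the filename from a multipart Content-Disposition header, rejects traversal variants (plain, percent-encoded and backslash forms) and confines the result to the upload directory, plus a scanner that flags such filenames in a raw multipart body for detection. The upload directory path and the sample body are constructed for the example.

```python
import posixpath
import re
from urllib.parse import unquote
# Added example, not WSO2 code: hardened Content-Disposition filename handling
# for the CVE-2022-29464 pattern, plus a body scanner for detection.
FILENAME_RE = re.compile(r'filename\s*=\s*"?([^";\r\n]*)"?', re.IGNORECASE)

def extract_filename(content_disposition):
    """Raw filename parameter of a Content-Disposition header, or None."""
    m = FILENAME_RE.search(content_disposition)
    return m.group(1).strip() if m else None

def is_traversal_attempt(filename):
    """CWE-22 indicators: a '..' component, an absolute path or a NUL byte.
    Percent-encoding and backslashes are normalised first."""
    decoded = unquote(filename).replace("\\", "/")
    if "\x00" in decoded or decoded.startswith("/"):
        return True
    return ".." in decoded.split("/")

def safe_upload_path(upload_dir, content_disposition):
    """Path under upload_dir for this upload, or None if it must be rejected."""
    name = extract_filename(content_disposition)
    if not name or is_traversal_attempt(name):
        return None
    # Keep only the last path component, then re-check containment (defence in depth).
    base = posixpath.basename(unquote(name).replace("\\", "/"))
    if base in ("", ".", ".."):
        return None
    root = posixpath.normpath(upload_dir)
    target = posixpath.normpath(posixpath.join(root, base))
    return target if posixpath.commonpath([root, target]) == root else None

def scan_multipart(body):
    """Filenames in a multipart body that look like traversal attempts (WAF/IDS view)."""
    flagged = []
    for line in body.decode("latin-1").splitlines():
        if line.lower().startswith("content-disposition:"):
            name = extract_filename(line)
            if name and is_traversal_attempt(name):
                flagged.append(name)
    return flagged

# Constructed sample body (not a real capture): a benign part, then one whose
# filename uses the traversal pattern described for this CVE.
SAMPLE_BODY = (
    b'--b\r\nContent-Disposition: form-data; name="file"; filename="report.pdf"\r\n\r\nok\r\n'
    b'--b\r\nContent-Disposition: form-data; name="file"; filename="../../../../repository/deployment/server/webapps/x.txt"\r\n\r\nok\r\n'
    b'--b--\r\n'
)
```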

The summary above was generated and translated by AI from the official description, which follows:
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0 up to 2.0.0.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products: n/a