logo
DATABASE RESOURCES PRICING ABOUT US

Improper Input Validation (RCE)

Description

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.


Affected Software


CPE Name Name Version
wazuh 4.0.0
wazuh 4.0.3

Related