CVE-2022-39036

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...

CVE-2022-39037

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

CVE-2022-39038

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...

Authentication flaw

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...

Unrestricted file upload

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...

Path traversal

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

CVE-2022-39038 FLOWRING Agentflow BPM - Broken Access Control

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...

CVE-2022-39038 FLOWRING Agentflow BPM - Broken Access Control

Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service...

CVE-2022-39038

The CVE concerns Flowring Technology’s Agentflow BPM Enterprise Management System. Affected component: improper authentication that allows a remote attacker with general user privileges to rename a user account, enabling arbitrary account privilege escalation and potential to access, manipulate, ...

CVE-2022-39037 FLOWRING Agentflow BPM - Path Traversal

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

CVE-2022-39037

CVE-2022-39037 affects Flowring Technology’s Agentflow BPM, where the file download feature suffers a path traversal flaw. An unauthenticated remote attacker can rely on this to bypass authentication and download arbitrary system files. The vulnerability is documented across multiple sources (NVD...

CVE-2022-39037 FLOWRING Agentflow BPM - Path Traversal

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

CVE-2022-39036 FLOWRING Agentflow BPM - Arbitrary File Upload

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...

CVE-2022-39036

The CVE-2022-39036 entry concerns Flowring Technology’s Agentflow BPM. The vulnerability is a file upload flaw caused by insufficient filtering of special characters in URLs, enabling an unauthenticated remote attacker to upload arbitrary files and execute arbitrary code, potentially manipulating...

CVE-2022-39036 FLOWRING Agentflow BPM - Arbitrary File Upload

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service...

Flowring Technology Agentflow BPM 路径遍历漏洞

Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology, a Chinese company. A path traversal vulnerability exists in Flowring Technology Agentflow BPM, which arises from a file download feature that allows an unauthenticated, remote attacker to bypass...

Flowring Technology Agentflow BPM 代码问题漏洞

Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology China. A code issue exists in Flowring Technology Agentflow BPM, which arises from an insufficient filtering of special characters in the url of the file upload function, which could allow an...

Flowring Technology Agentflow BPM 授权问题漏洞

Flowring Technology Agentflow BPM is an enterprise process management system from Flowring Technology. Flowring Technology Agentflow BPM suffers from an authorization vulnerability that arises from improper authentication of its enterprise management system, which could allow a remote attacker wi...

PT-2022-24691 · Unknown · Agentflow Bpm

Name of the Vulnerable Software and Affected Versions: Agentflow BPM affected versions not specified Description: The Agentflow BPM file download function has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and download arbitrary system files...

PT-2022-24690 · Unknown · Agentflow Bpm

Name of the Vulnerable Software and Affected Versions: Agentflow BPM affected versions not specified Description: The file upload function has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this to upload arbitrary files and execute arbitrary...