Page 2 of 11 results (0.016 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-26814
https://notcve.org/view.php?id=CVE-2021-26814
06 Mar 2021 — Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script. La API de Wazuh en Wazuh desde versiones 4.0.0 hasta 4.0.3, permite a usuarios autenticados ejecutar código arbitrario con privilegios administrativos por medio del URI /manager/files. Un usuario auten... • https://github.com/WickdDavid/CVE-2021-26814 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •