CVE-2021-26814
Published
CVSS v3
8.8
HIGH
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
GitHub