CVE-2024-7074
Published: 2025-06-02
Priority: P3 · 46
Severity: medium (CVSS 3.1 base score 6.8)
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 9.76% (94.9th percentile)
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.
By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.
Affected (49 version ranges; 25 shown)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | wso2_api_manager | >= 2.0.0 < 2.0.0.28 | 2.0.0.28 |
| wso2 | wso2_api_manager | >= 2.1.0 < 2.1.0.38 | 2.1.0.38 |
| wso2 | wso2_api_manager | >= 2.2.0 < 2.2.0.57 | 2.2.0.57 |
| wso2 | wso2_api_manager | >= 2.5.0 < 2.5.0.83 | 2.5.0.83 |
| wso2 | wso2_api_manager | >= 2.6.0 < 2.6.0.143 | 2.6.0.143 |
| wso2 | wso2_api_manager | >= 3.0.0 < 3.0.0.162 | 3.0.0.162 |
| wso2 | wso2_api_manager | >= 3.1.0 < 3.1.0.293 | 3.1.0.293 |
| wso2 | wso2_api_manager | >= 3.2.0 < 3.2.0.384 | 3.2.0.384 |
| wso2 | wso2_api_manager | >= 3.2.1 < 3.2.1.16 | 3.2.1.16 |
| wso2 | wso2_api_manager | >= 4.0.0 < 4.0.0.305 | 4.0.0.305 |
| wso2 | wso2_api_manager | >= 4.1.0 < 4.1.0.166 | 4.1.0.166 |
| wso2 | wso2_api_manager | >= 4.2.0 < 4.2.0.100 | 4.2.0.100 |
| wso2 | wso2_api_manager | >= 4.3.0 < 4.3.0.16 | 4.3.0.16 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.4.10 < 4.4.10.3 | 4.4.10.3 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.1 < 4.6.1.4 | 4.6.1.4 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.10 < 4.6.10.4 | 4.6.10.4 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.105 < 4.6.105.59 | 4.6.105.59 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.150 < 4.6.150.11 | 4.6.150.11 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.16 < 4.6.16.2 | 4.6.16.2 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.19 < 4.6.19.10 | 4.6.19.10 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.6 < 4.6.6.9 | 4.6.6.9 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.64 < 4.6.64.2 | 4.6.64.2 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.67 < 4.6.67.15 | 4.6.67.15 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.6.89 < 4.6.89.12 | 4.6.89.12 |
| wso2 | wso2_carbon_synapse_artifact_uploader_be | >= 4.7.131 < 4.7.131.15 | 4.7.131.15 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.