Unrated severityNVD Advisory· Published Nov 10, 2022· Updated May 1, 2025

FLOWRING Agentflow BPM - Arbitrary File Upload

CVE-2022-39036

Description

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.

Affected products

Flowring/Agentflow Bpmv5
Range: 4.0.0.1183.552

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.flowring.com/2022/09/19/%e7%94%a2%e5%93%81%e6%9b%b4%e6%96%b0agentflow-v4-0%e3%80%81v3-7%e5%a4%be%e6%aa%94%e5%8a%9f%e8%83%bd%e8%b3%87%e5%ae%89%e4%bf%ae%e6%ad%a3/mitre
www.twcert.org.tw/tw/cp-132-6682-21207-1.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000