**Name of the Vulnerable Software and Affected Versions**

WSO2 products (affected versions not specified)

**Description**

An arbitrary file upload issue exists because of insufficient validation of filenames submitted by users in the BPEL uploader SOAP service endpoint. An attacker with administrative access can upload files to a location controlled by the user on the server. Exploiting this can allow an attacker to upload a malicious payload and achieve remote code execution (RCE), potentially compromising the server and its data. The vulnerable endpoint is '/services/bpel/upload'. The vulnerability involves improper handling of user-supplied filenames.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.