CVEs-PoC/2021/CVE-2021-26814.md

### [CVE-2021-26814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26814)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CYS4srl/CVE-2021-26814
- https://github.com/EdgeSecurityTeam/Vulnerability
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/Threekiii/Awesome-POC
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WickdDavid/CVE-2021-26814
- https://github.com/cyllective/CVEs
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/joydo/CVE-Writeups
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/paolorabbito/Internet-Security-Project---CVE-2021-26814
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/tzwlhack/Vulnerability
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve