The host is installed with WSO2 API Manager 2.6.0 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in file upload component. Successful exploitation could allow attackers to upload any type of file by changing the extension to an allowed one.