Restrict write permissions on web-accessible directories to prevent the execution of uploaded scripts.
The vulnerability exists in the BneMultipartRequest class, which handles file uploads for the Oracle Web Applications Desktop Integrator (Web ADI). Arbitrary File Upload leading to RCE. hAX.zip
Security researchers often structure this ZIP file to exploit the extraction process: hAX.zip