CVE-2023-48848
- EPSS 0.09%
- Veröffentlicht 28.11.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:32:33
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
CVE-2023-24187
- EPSS 0.05%
- Veröffentlicht 14.02.2023 02:15:10
- Zuletzt bearbeitet 20.03.2025 20:15:29
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
CVE-2023-24188
- EPSS 0.32%
- Veröffentlicht 13.02.2023 20:15:10
- Zuletzt bearbeitet 21.03.2025 18:15:31
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
CVE-2020-21122
- EPSS 0.23%
- Veröffentlicht 15.09.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 05:12:26
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
CVE-2020-21124
- EPSS 0.74%
- Veröffentlicht 15.09.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 05:12:26
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVE-2020-21125
- EPSS 0.85%
- Veröffentlicht 15.09.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 05:12:26
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.