Product:

Ureport

(Ureport_project)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 6
Date Id Summary Products Score Patch Annotated
2023-11-28 CVE-2023-48848 An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. Ureport 7.5
2023-02-13 CVE-2023-24188 ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. Ureport 9.1
2023-02-14 CVE-2023-24187 An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. Ureport 7.8
2021-09-15 CVE-2020-21122 UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. Ureport 5.3
2021-09-15 CVE-2020-21124 UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. Ureport 9.8
2021-09-15 CVE-2020-21125 An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. Ureport 9.8