Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ureport
(Ureport_project)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 6 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-11-28 | CVE-2023-48848 | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | Ureport | 7.5 | ||
2023-02-13 | CVE-2023-24188 | ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | Ureport | 9.1 | ||
2023-02-14 | CVE-2023-24187 | An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | Ureport | 7.8 | ||
2021-09-15 | CVE-2020-21122 | UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | Ureport | 5.3 | ||
2021-09-15 | CVE-2020-21124 | UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | Ureport | 9.8 | ||
2021-09-15 | CVE-2020-21125 | An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. | Ureport | 9.8 |