Ureport Project: >> Ureport >> 2.2.9 Security Vulnerabilities
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-28
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-02-14
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-02-13
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-09-15
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-09-15
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-09-15