Ureport2 Project: >> Ureport2 >> 2.2.9 Security Vulnerabilities
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-01-03
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.
CVSS Score
9.8
EPSS Score
0.031
Published
2022-05-01