Vulnerabilities (CVE)

Filtered by vendor Ureport2 Project Subscribe
Filtered by product Ureport2
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-50090 1 Ureport2 Project 1 Ureport2 2024-11-21 N/A 9.8 CRITICAL
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
CVE-2022-25767 1 Ureport2 Project 1 Ureport2 2024-11-21 7.5 HIGH 9.8 CRITICAL
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.