Vulnerabilities (CVE)

Filtered by vendor Ureport Project Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-48848 1 Ureport Project 1 Ureport 2024-11-21 N/A 7.5 HIGH
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
CVE-2023-24188 1 Ureport Project 1 Ureport 2024-11-21 N/A 9.1 CRITICAL
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
CVE-2023-24187 1 Ureport Project 1 Ureport 2024-11-21 N/A 7.8 HIGH
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
CVE-2020-21125 1 Ureport Project 1 Ureport 2024-11-21 7.5 HIGH 9.8 CRITICAL
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
CVE-2020-21124 1 Ureport Project 1 Ureport 2024-11-21 7.5 HIGH 9.8 CRITICAL
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVE-2020-21122 1 Ureport Project 1 Ureport 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.