Ureport Project

ureport_project

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-48848 1Ureport Project 1Ureport Nov 21, 2024 Nov 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
CVE-2023-24187 1Ureport Project 1Ureport Mar 20, 2025 Feb 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
CVE-2023-24188 1Ureport Project 1Ureport Mar 21, 2025 Feb 13, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
CVE-2020-21125 1Ureport Project 1Ureport Nov 21, 2024 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
CVE-2020-21124 1Ureport Project 1Ureport Nov 21, 2024 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVE-2020-21122 1Ureport Project 1Ureport Nov 21, 2024 Sep 15, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.