📦 Ureport

CVE-2023-24188 is a directory traversal vulnerability in ureport v2.2.9 that allows attackers to delete arbitrary files on the server by exploiting the deletion function. This affects all systems runn...

CVE-2020-21124 is a critical access control vulnerability in UReport 2.2.9 that allows attackers to reach the designer page without authentication, leading to arbitrary code execution. This affects al...

CVE-2023-48848 is an arbitrary file read vulnerability in ureport v2.2.9 that allows remote attackers to read sensitive files on the server by manipulating file paths. This affects systems running vul...

This XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code by uploading a specially crafted XML file to the /ureport/designer/saveReportFile endpoint. Attackers can potentiall...