VYPR

Maven package

com.bstek.ureport/ureport2-core

pkg:maven/com.bstek.ureport/ureport2-core

Vulnerabilities (4)

  • CVE-2023-48848Nov 28, 2023
    affected <= 2.2.9

    An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.

  • CVE-2023-24187Feb 14, 2023
    affected <= 2.2.9

    An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.

  • CVE-2023-24188Feb 13, 2023
    affected <= 2.2.9

    ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.

  • CVE-2020-21125Sep 15, 2021
    affected <= 2.2.9

    An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.