Vulnerabilities > CVE-2023-24187 - XXE vulnerability in Ureport Project Ureport 2.2.9

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

ureport-project

CWE-611

NVD

Published: 2023-02-14

Updated: 2023-02-22

Summary

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.

Vulnerable Configurations

Part	Description	Count
Application	Ureport_Project Ureport Project Ureport 2.2.9	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

http://ureport.com
https://github.com/youseries/ureport
https://github.com/cgddgc/vulns/blob/main/ureport2-vuln-des.md
https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24187.md