Vulnerabilities > Ureport Project

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-48848 Path Traversal vulnerability in Ureport Project Ureport 2.2.9
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
network
low complexity
ureport-project CWE-22
7.5
2023-02-14 CVE-2023-24187 XXE vulnerability in Ureport Project Ureport 2.2.9
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
local
low complexity
ureport-project CWE-611
7.8
2023-02-13 CVE-2023-24188 Path Traversal vulnerability in Ureport Project Ureport 2.2.9
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
network
low complexity
ureport-project CWE-22
critical
9.1
2021-09-15 CVE-2020-21122 Server-Side Request Forgery (SSRF) vulnerability in Ureport Project Ureport 2.2.9
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
network
low complexity
ureport-project CWE-918
5.0
2021-09-15 CVE-2020-21124 Incorrect Authorization vulnerability in Ureport Project Ureport 2.2.9
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
network
low complexity
ureport-project CWE-863
7.5
2021-09-15 CVE-2020-21125 Unspecified vulnerability in Ureport Project Ureport 2.2.9
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
network
low complexity
ureport-project
7.5