ureport arbitrary file read vulnerability
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
Advisories for Maven/Com.bstek.ureport/Ureport2-Core package
2023
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
Arbitrary file deletion in ureport
ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability.
2021
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.