Lucene search
HistoryJan 03, 2024 - 8:15 p.m.
CVE-2023-50090
arbitrary file write
ureport2
post request
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
39.1%
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
Affected configurations
Node
ureport2_projectureport2Range≤2.2.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ureport2_project | ureport2 | * | cpe:2.3:a:ureport2_project:ureport2:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2024-01-03 20:15:00
osv
osv
CVE-2023-50090
2024-01-03 20:15:21
cvelist
cvelist
CVE-2023-50090
2024-01-03 00:00:00
cve
cve
CVE-2023-50090
2024-01-03 20:15:21
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.6
Confidence
High
EPSS
0.001
Percentile
39.1%
Related for NVD:CVE-2023-50090