Design/Logic Flaw

2024-01-0320:15:00

PRIOn knowledge base

www.prio-n.com

design flaw

logic flaw

arbitrary file write

vulnerability

savereportfile

ureport2

crafted post request

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.

CPENameOperatorVersion
ureport2le2.2.9

CPE	Name	Operator	Version
	ureport2	le	2.2.9

References

github.com/advisories/GHSA-445x-c8qq-qfr9

lemono.fun/thoughts/UReport2-RCE.html