A flaw was found in eclipse-birt. An attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.