12 matches found
EUVD-2021-1886
Malware in sbrugna...
PT-2025-67: XML external entity leads to Local File Read and Server-side request forgery in FastReport.NET
The vulnerability was identified in FastReport .NET, versions 2024.2.20. The discovered vulnerability, due to the ability to inject and expand external entities, can be exploited by an attacker to read arbitrary local files and perform server-side request forgery (SSRF) with full response retrieval...
PT-2025-30599 · Fast Reports · Fastreport .Net
A vulnerability in the FastReport .NET report and document generation library is caused by improper restriction of XML external entity references. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized read access to files and carry out an SSRF attack...
CVE-2020-27998
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...
GHSA-V726-3VG9-CP34 Missing Authorization in FastReport
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...
Missing Authorization in FastReport
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...
Remote Code Execution (RCE)
FastReport.OpenSource is vulnerable to remote code execution (RCE). An attacker can create a new expression or edit an existing one into, for example, System.String.Join(",", System.IO.Directory.GetDirectories(@"c:/")) as the library does not use the ScriptSecurity feature and mishandles GetType, typeof,...
CVE-2020-27998
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...
CVE-2020-27998
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...
Design/Logic Flaw
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...
CVE-2020-27998
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...
CVE-2020-27998
CVE-2020-27998 affects FastReport prior to 2020.4.0, where the missing ScriptSecurity feature can allow mishandling of scripting constructs such as GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. This creates potential remote-execution/code-injection-like risks as noted in mu...