Remote Code Execution

com.bstek.ureport:ureport2-console is vulnerable to remote code execution. A remote attacker is able to read sensitive user files and deserialize local gadgets by connecting the system to a malicious database server...

Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...

CVE-2022-25767

CVE-2022-25767 affects all versions of the Java package com.bstek.ureport:ureport2-console. The vulnerability enables Remote Code Execution via deserialization when the system connects to a malicious database server, leading to arbitrary file reads and deserialization of local gadgets. Multiple s...

UReport2-console 代码问题漏洞

UReport2 is a high-performance pure Java reporting engine based on Spring architecture . A security vulnerability exists in all versions of UReport2-console, which can be exploited by an attacker to perform remote code execution, resulting in arbitrary file reads and deserialization of local...

Remote Code Execution (RCE)

Overview com.bstek.ureport:ureport2-console is an UReport2 is a high-performance pure Java report engine based on Spring architecture, where complex Chinese-style statements and reports can be prepared by iterating over cells. Affected versions of this package are vulnerable to Remote Code...