Arbitrary File Write Vulnerability in ureport2 2.2.9 and Earlier: Unauthorized File Manipulation via Crafted POST Request

Arbitrary File Write Vulnerability in ureport2 2.2.9 and Earlier: Unauthorized File Manipulation via Crafted POST Request

CVE-2023-50090 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.

Learn more about our Web Application Penetration Testing UK.