Detections
Analytics

CVE-2023-50090

critical

Description

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.

References

https://lemono.fun/thoughts/UReport2-RCE.html

https://github.com/advisories/GHSA-445x-c8qq-qfr9

Details

Source: Mitre, NVD

Published: 2024-01-03

Updated: 2024-01-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical