ГлавнаяУязвимости → CVE-2023-50090
9.8критическая

CVE-2023-50090

Описание

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.

Затрагиваемое ПО
Ureport2 project Ureport2
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://lemono.fun/thoughts/UReport2-RCE.htmlhttps://github.com/advisories/GHSA-445x-c8qq-qfr9https://lemono.fun/thoughts/UReport2-RCE.html