Description
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
Remediation
References
http://ureport.com
https://github.com/cgddgc/vulns/blob/main/ureport2-vuln-des.md
https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24187.md
https://github.com/youseries/ureport
Related Vulnerabilities
CVE-2021-33561 Vulnerability in maven package com.shopizer:shopizer
CVE-2018-1002201 Vulnerability in maven package org.zeroturnaround:zt-zip
CVE-2022-47105 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core
CVE-2021-39149 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2020-28458 Vulnerability in maven package org.webjars.bower:datatables.net