Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-445x-c8qq-qfr9 | Third Party Advisory |
https://lemono.fun/thoughts/UReport2-RCE.html | Broken Link |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-03T00:00:00
Updated: 2024-01-03T19:56:06.955459
Reserved: 2023-12-04T00:00:00
Link: CVE-2023-50090
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-03T20:15:21.660
Modified: 2024-01-09T21:18:46.207
Link: CVE-2023-50090
JSON object: View
Redhat Information
No data.
CWE