Vulnerability Description
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ureport2 Project | Ureport2 | <= 2.2.9 |
References
- https://lemono.fun/thoughts/UReport2-RCE.htmlBroken Link
- https://github.com/advisories/GHSA-445x-c8qq-qfr9Third Party Advisory
- https://lemono.fun/thoughts/UReport2-RCE.htmlBroken Link
FAQ
What is CVE-2023-50090?
CVE-2023-50090 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.
How severe is CVE-2023-50090?
CVE-2023-50090 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-50090?
Check the references section above for vendor advisories and patch information. Affected products include: Ureport2 Project Ureport2.