Description
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
Remediation
References
http://ureport.com
https://github.com/cgddgc/vulns/blob/main/ureport2-vuln-des.md
https://github.com/Venus-WQLab/bug_report/blob/main/ureport/ureport-cve-2023-24187.md
https://github.com/youseries/ureport
Related Vulnerabilities
CVE-2022-31167 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security
CVE-2022-25940 Vulnerability in maven package org.webjars.npm:lite-server
CVE-2021-27738 Vulnerability in maven package org.apache.kylin:kylin-stream-coordinator