PT-2024-13856 · Ureport2 · Ureport2

Published: 2024-01-03 · Updated: 2024-01-09 · CVE-2023-50090

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ureport2 versions 2.2.9 and before

Description: An Arbitrary File Write vulnerability in the saveReportFile method allows an unauthenticated attacker to write arbitrary files on the server and, through that, run arbitrary commands via a crafted POST request.

Recommendations: For versions 2.2.9 and before, consider disabling the saveReportFile method until a patch is available, so that attackers cannot write arbitrary files or run arbitrary commands. Restrict access to the affected API endpoint to minimize the risk of exploitation, and do not expose it to untrusted POST requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
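One way to apply the "disable or restrict" recommendation in a Java deployment, as an added example that is not part of the advisory or of the ureport2 project: a servlet filter that refuses the saveReportFile action for every caller outside an administrator allowlist. The mount prefix /ureport/ and the assumption that the action is addressed by the last path segment are assumptions about the deployment, not facts from the advisory.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Blocks the ureport2 saveReportFile action for callers outside an admin allowlist.
 * Register it ahead of the UReport servlet (e.g. with a FilterRegistrationBean).
 * ASSUMPTION: the action is addressed by a URL whose last segment is "saveReportFile"
 * under MOUNT_PREFIX; adjust the prefix to your deployment.
 */
public class SaveReportFileGuard implements Filter {
    private static final String MOUNT_PREFIX = "/ureport/"; // assumed mount point
    private static final String BLOCKED_ACTION = "saveReportFile";

    // Source addresses still allowed to call the action; an empty set disables it entirely.
    private final Set<String> adminAddresses;

    public SaveReportFileGuard(Set<String> adminAddresses) {
        this.adminAddresses = adminAddresses;
    }

    /** True when the context-relative path ends in the saveReportFile action. */
    static boolean targetsSaveReportFile(String path) {
        if (path == null || !path.startsWith(MOUNT_PREFIX)) {
            return false;
        }
        String trimmed = path.endsWith("/") ? path.substring(0, path.length() - 1) : path;
        return BLOCKED_ACTION.equals(trimmed.substring(trimmed.lastIndexOf('/') + 1));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (targetsSaveReportFile(path) && !adminAddresses.contains(request.getRemoteAddr())) {
            // Log for alerting, then refuse; the request never reaches the vulnerable method.
            request.getServletContext().log("blocked saveReportFile from " + request.getRemoteAddr());
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) {}
    @Override public void destroy() {}
}
```

Behind a reverse proxy getRemoteAddr() is the proxy's address, so enforce the allowlist at the proxy instead or resolve the real client address there first. Matrix parameters such as ;jsessionid= are not stripped before matching, so normalize the path if your container emits them.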

Related Identifiers:

CVE-2023-50090
GHSA-445X-C8QQ-QFR9

Affected Products:

Ureport2