CVE-2020-21124

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.