178 matches found

CNNVD
added 2023/05/30 12:00 a.m. · 2 views

MeterSphere Security Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere 2.9.1 and earlier versions contain a denial-of-service vulnerability: submitting a very long password during login forces the system to perform a long...

CVSS 6.5 · AI score 6.8 · EPSS 0.00587
Exploits: 1 · References: 3
OSV
added 2023/05/08 1:15 a.m. · 1 view

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

CVSS 9.8 · AI score 7.3 · EPSS 0.02083
Exploits: 1 · References: 2
NVD
added 2023/05/08 1:15 a.m. · 9 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

CVSS 9.8 · AI score 9.8 · EPSS 0.02083
Exploits: 1 · References: 2
Prion
added 2023/05/08 1:15 a.m. · 16 views

Command injection

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

CVSS 7.5 · AI score 9.7 · EPSS 0.02083
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/05/08 12:00 a.m. · 10 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

AI score 9.8 · EPSS 0.02083
Exploits: 1 · References: 2
CVE
added 2023/05/08 12:00 a.m. · 114 views

CVE-2023-29944

CVE-2023-29944 affects MeterSphere v1.20.20-lts-79d354a6. The vulnerability is a remote command execution in the custom code snippet function of the system workbench, allowing an attacker to run system commands (e.g., reverse shells). The CVE documents list a high impact with network access, no p...

CVSS 9.8 · AI score 9.6 · EPSS 0.02083
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/05/08 12:00 a.m. · 2 views

PT-2023-22493 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.20.20-lts-79d354a6
Description: The issue allows for Remote Command Execution. An attacker can execute system commands, including reverse-shell, by exploiting the custom code snippet function in the Metersphere system...

CVSS 9.8 · AI score 7.5 · EPSS 0.02083
Exploits: 1 · References: 6
Cvelist
added 2023/05/08 12:00 a.m. · 14 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

AI score 9.9 · EPSS 0.02083
Exploits: 1 · References: 2
CNNVD
added 2023/05/07 12:00 a.m. · 1 view

MeterSphere Security Vulnerability

MeterSphere is an open source one-stop continuous testing platform. A security vulnerability exists in Metersphere version v1.20.20-lts-79d354a6. An attacker exploiting this vulnerability can remotely execute commands...

CVSS 9.8 · AI score 8.5 · EPSS 0.02083
Exploits: 1 · References: 4
NVD
added 2023/05/04 6:15 p.m. · 9 views

CVE-2023-30550

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

CVSS 6.8 · AI score 6.5 · EPSS 0.0067
Exploits: 1 · References: 2
Prion
added 2023/05/04 6:15 p.m. · 8 views

Design/Logic Flaw

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

CVSS 2.8 · AI score 4.6 · EPSS 0.0067
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/05/04 5:26 p.m. · 10 views

CVE-2023-30550 IDOR vulnerability exists in metersphere

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

CVSS 6.8 · AI score 6.5 · EPSS 0.0067
Exploits: 1 · References: 2
CVE
added 2023/05/04 5:26 p.m. · 26 views

CVE-2023-30550

MeterSphere (open source continuous testing platform) contains an IDOR vulnerability that lets a project administrator modify other projects within the same workspace, potentially escalating privileges to obtain operating permissions. The issue is fixed in version 2.9.0. Affected component: proje...

CVSS 6.8 · AI score 4.8 · EPSS 0.0067
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2023/05/04 5:26 p.m. · 16 views

CVE-2023-30550 IDOR vulnerability exists in metersphere

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

CVSS 6.8 · AI score 4.9 · EPSS 0.0067
Exploits: 1 · References: 4
Cvelist
added 2023/05/04 5:26 p.m. · 19 views

CVE-2023-30550 IDOR vulnerability exists in metersphere

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

CVSS 6.8 · AI score 6.7 · EPSS 0.0067
Exploits: 1 · References: 2
CNNVD
added 2023/05/04 12:00 a.m. · 2 views

MeterSphere Security Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere versions before 2.9.0 contain a security vulnerability that stems from allowing the administrator of a project to modify other projects under the workspace...

CVSS 6.8 · AI score 5.1 · EPSS 0.0067
Exploits: 1 · References: 3
NVD
added 2023/03/09 6:15 p.m. · 11 views

CVE-2023-25814

metersphere is an open source continuous testing platform. In versions prior to 2.7.1, a user who has permission to create a resource file through UI operations is able to append a path to their submission query, which will be read by the system and displayed to the user. This allows users of the...

CVSS 7.1 · AI score 6.8 · EPSS 0.00858
Exploits: 1 · References: 1
Prion
added 2023/03/09 6:15 p.m. · 60 views

Design/Logic Flaw

metersphere is an open source continuous testing platform. In versions prior to 2.7.1, a user who has permission to create a resource file through UI operations is able to append a path to their submission query, which will be read by the system and displayed to the user. This allows users of the...

CVSS 4 · AI score 6.4 · EPSS 0.00858
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2023/03/09 5:15 p.m. · 9 views

Improper access control

metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

CVSS 5 · AI score 7.5 · EPSS 0.49851
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2023/03/09 5:10 p.m. · 101 views

CVE-2023-25814

Vulnerability overview (CVE-2023-25814): metersphere prior to 2.7.1 allows a user with UI-created resource file permission to append a path to their submission query, which is then read and displayed by the system, enabling read access to arbitrary server filesystem files if the server process h...

CVSS 7.1 · AI score 6.5 · EPSS 0.00858
Exploits: 1 · References: 1 · Affected Software: 1