3 matches found
CVE-2022-46178
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability...
CVE-2022-46178 Path Traversal In MeterSpere allows file upload to any path
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability...
CVE-2022-46178
MeterSphere (open source continuous testing platform) contains a path traversal vulnerability in versions prior to 2.5.1 where uploaded files are not validated for the filename, allowing writing to arbitrary paths via FileUtils.createFile by bypassing name checks. The root cause is lack of filena...