CVE-2021-45789
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...
Design/Logic Flaw
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands...
SQL injection
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...
Arbitrary file deletion
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...
MeterSphere code issue vulnerability
MeterSphere is an open source one-stop continuous testing platform. MeterSphere has an arbitrary file upload vulnerability, which remote attackers can exploit by submitting special requests that upload malicious files and write cron jobs to execute commands...
MeterSphere security vulnerability
MeterSphere is an open source one-stop continuous testing platform. MeterSphere v1.15.4 has a security vulnerability that stems from an arbitrary file read flaw: authenticated users can read any file on the server through the file...
MeterSphere SQL injection vulnerability
MeterSphere is an open source one-stop continuous testing platform. MeterSphere v1.15.4 has a SQL injection vulnerability that stems from a time-based SQL injection through the orders parameter...
Metersphere has an arbitrary file deletion vulnerability
MeterSphere is a one-stop open source continuous testing platform covering test management, interface testing, performance testing, etc. Metersphere has an arbitrary file deletion vulnerability, which can be exploited by attackers to delete arbitrary files...
Command Execution Vulnerability in Metersphere
MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...
Command Execution Vulnerability in MeterSphere from Hangzhou Feizhiyun Information Technology Co.
MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, fully compatible with JMeter, Postman, Swagger and other open source, mainstream standards, effectively helping development an...
CVE-2021-45790
Metersphere v1.15.4 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload files to arbitrary directories and potentially write cron jobs to execute commands. This is described across multiple sources (CVE-2021-45790, CNVD/CNNVD entries, OSV/NVD mirrors, a...
CVE-2021-45790
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands...
CVE-2021-45789
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...
CVE-2021-45789
CVE-2021-45789 affects Metersphere v1.15.4, where authenticated users can read arbitrary files on the server via the file download function. The vulnerability details indicate impact to confidentiality (high) with no stated impact on integrity or availability. The available connected sources desc...
CVE-2021-45788
CVE-2021-45788 describes a time-based SQL injection in Metersphere v1.15.4 exposed via the orders parameter. Affected software: Metersphere 1.15.4. Vulnerable component/flows: endpoint handling the orders parameter (time-based SQLi root cause per sources). Impact: high (CVE's CVSS 3.1 base score ...
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...
PT-2021-24298 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: An arbitrary file upload issue was discovered, allowing unauthenticated users to upload files to any directory. This could enable attackers to write a cron job for command execution. Recommendations: Fo...
PT-2021-24296 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: Time-based SQL Injection vulnerabilities were found via the orders parameter. Recommendations: For Metersphere version 1.15.4, avoid using the orders parameter until a fix is available. Consider...
PT-2021-24297 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: An arbitrary file read issue was found, allowing authenticated users to read any file on the server via the file download function. Recommendations: For Metersphere version 1.15.4, consider restricting...