
179 matches found

OSV
added 2022/09/29 3:15 a.m. · 14 views

CVE-2021-45789

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...

6.5 CVSS · 6.8 AI score
Exploits: 0 · References: 1

Prion
added 2022/09/29 3:15 a.m. · 14 views

Design/Logic Flaw

An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands...

7.5 CVSS · 9.5 AI score · 0.01858 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2022/09/29 3:15 a.m. · 16 views

Sql injection

Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...

6.5 CVSS · 9.4 AI score · 0.02992 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2022/09/29 3:15 a.m. · 13 views

Arbitrary file deletion

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...

4 CVSS · 6.4 AI score · 0.00891 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2022/09/28 12:0 a.m. · 4 views

MeterSphere Code Issue Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere has an arbitrary file upload vulnerability that remote attackers can exploit by submitting special requests to upload malicious files and write cron jobs to execute commands...

9.8 CVSS · 7.5 AI score · 0.01858 EPSS
Exploits: 1 · References: 3

CNNVD
added 2022/09/28 12:0 a.m. · 5 views

MeterSphere Security Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere v1.15.4 has a security vulnerability that stems from an arbitrary file read flaw: authenticated users can read any file on the server through the file...

6.5 CVSS · 6.6 AI score · 0.00891 EPSS
Exploits: 1 · References: 3

CNNVD
added 2022/09/28 12:0 a.m. · 4 views

MeterSphere SQL Injection Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere v1.15.4 has a SQL injection vulnerability that stems from time-based SQL injection through the borders parameter...

8.8 CVSS · 8.1 AI score · 0.02992 EPSS
Exploits: 1 · References: 3

CNVD
added 2022/03/09 12:0 a.m. · 13 views

Metersphere has an arbitrary file deletion vulnerability

MeterSphere is a one-stop open source continuous testing platform covering test management, interface testing, performance testing, etc. Metersphere has an arbitrary file deletion vulnerability, which can be exploited by attackers to delete arbitrary files...

3.8 AI score
Exploits: 0 · Affected Software: 1

CNVD
added 2022/01/10 12:0 a.m. · 16 views

Command Execution Vulnerability in Metersphere

MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...

7.5 AI score
Exploits: 0

CNVD
added 2022/01/05 12:0 a.m. · 19 views

Command Execution Vulnerability in MeterSphere at Hangzhou Feizhiyun Information Technology Co.

MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, fully compatible with JMeter, Postman, Swagger and other open source, mainstream standards, effectively helping development an...

7.5 AI score
Exploits: 0

CVE
added 2021/12/27 11:58 a.m. · 50 views

CVE-2021-45790

Metersphere v1.15.4 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload files to arbitrary directories and potentially write cron jobs to execute commands. This is described across multiple sources (CVE-2021-45790, CNVD/CNNVD entries, OSV/NVD mirrors, a...

9.8 CVSS · 9.6 AI score · 0.01858 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/12/27 11:58 a.m. · 20 views

CVE-2021-45790

An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands...

9.8 AI score · 0.01858 EPSS
Exploits: 1 · References: 1

Cvelist
added 2021/12/27 11:51 a.m. · 17 views

CVE-2021-45789

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function...

6.6 AI score · 0.00891 EPSS
Exploits: 1 · References: 1

CVE
added 2021/12/27 11:51 a.m. · 35 views

CVE-2021-45789

CVE-2021-45789 affects Metersphere v1.15.4, where authenticated users can read arbitrary files on the server via the file download function. The vulnerability details indicate impact to confidentiality (high) with no stated impact on integrity or availability. The available connected sources desc...

6.5 CVSS · 6.3 AI score · 0.00891 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2021/12/27 11:42 a.m. · 58 views

CVE-2021-45788

CVE-2021-45788 describes a time-based SQL injection in Metersphere v1.15.4 exposed via the orders parameter. Affected software: Metersphere 1.15.4. Vulnerable component/flows: endpoint handling the orders parameter (time-based SQLi root cause per sources). Impact: high (CVE's CVSS 3.1 base score ...

8.8 CVSS · 9.4 AI score · 0.02992 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2021/12/27 11:42 a.m. · 17 views

CVE-2021-45788

Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter...

9.6 AI score · 0.02992 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2021/12/27 12:0 a.m. · 3 views

PT-2021-24298 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: An arbitrary file upload issue was discovered, allowing unauthenticated users to upload files to any directory. This could enable attackers to write a cron job for command execution. Recommendations: Fo...

9.8 CVSS · 9.6 AI score · 0.01858 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2021/12/27 12:0 a.m. · 3 views

PT-2021-24296 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: Time-based SQL Injection vulnerabilities were found via the orders parameter. Recommendations: For Metersphere version 1.15.4, avoid using the orders parameter until a fix is available. Consider...

8.8 CVSS · 9.2 AI score · 0.02992 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2021/12/27 12:0 a.m. · 3 views

PT-2021-24297 · Unknown · Metersphere

Name of the Vulnerable Software and Affected Versions: Metersphere version 1.15.4 Description: An arbitrary file read issue was found, allowing authenticated users to read any file on the server via the file download function. Recommendations: For Metersphere version 1.15.4, consider restricting...

6.5 CVSS · 6.3 AI score · 0.00891 EPSS
Exploits: 1 · References: 4