Lucene search

Metersphere

5 matches found

CVE
added 2023/05/08 1:15 a.m. | 105 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed in the custom code snippet function of the Metersphere system workbench.

CVSS 9.8 | AI score 9.6 | EPSS 0.0488
CVE
added 2022/09/29 3:15 a.m. | 40 views

CVE-2021-45790

An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to an arbitrary directory, where attackers can write a cron job to execute commands.

CVSS 9.8 | AI score 9.6 | EPSS 0.11306
CVE
added 2023/09/27 3:19 p.m. | 32 views

CVE-2023-41878

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere uses a weak password by default; attackers can log in to VNC and obtain high permissions...

CVSS 9.8 | AI score 7 | EPSS 0.00139
CVE
added 2023/07/17 8:15 p.m. | 30 views

CVE-2023-37461

Metersphere is an open source testing framework. Files uploaded to Metersphere may define a belongType value with a relative path like ../../../../, which may cause Metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to over...

CVSS 9.8 | AI score 7.4 | EPSS 0.00081
CVE
added 2025/07/14 8:15 p.m. | 9 views

CVE-2025-53639

MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. This...

CVSS 9.8 | AI score 8 | EPSS 0.00063