Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metersphere metersphere vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-25573
metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the run...
Metersphere Metersphere
1 Github repository
8.8
CVSSv3
CVE-2022-46178
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions before 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. Th...
Metersphere Metersphere
6.1
CVSSv3
CVE-2022-23544
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions before 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery...
Metersphere Metersphere
8.1
CVSSv3
CVE-2022-23512
MeterSphere is a one-stop open source continuous testing platform. Versions before 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value (testId...
Metersphere Metersphere
8.8
CVSSv3
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.
Metersphere Metersphere 1.15.4
6.5
CVSSv3
CVE-2021-45789
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.
Metersphere Metersphere 1.15.4
9.8
CVSSv3
CVE-2021-45790
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.
Metersphere Metersphere 1.15.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2