Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metersphere metersphere vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50267
MeterSphere is a one-stop open source continuous testing platform. before 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds.
Metersphere Metersphere
NA
CVE-2023-25814
metersphere is an open source continuous testing platform. In versions before 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows...
Metersphere Metersphere
NA
CVE-2021-45788
Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.
Metersphere Metersphere 1.15.4
NA
CVE-2021-45789
An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.
Metersphere Metersphere 1.15.4
NA
CVE-2021-45790
An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.
Metersphere Metersphere 1.15.4
NA
CVE-2023-29944
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench
Metersphere Metersphere 1.20.20-lts-79d354a6
NA
CVE-2024-32467
MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2