Search Results | AttackerKB

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2021-45790

Disclosure Date: September 29, 2022 (last updated February 24, 2025)

An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands.

Attacker Value

Unknown

CVE-2021-45789

Disclosure Date: September 29, 2022 (last updated October 08, 2023)

An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2021-45788

Disclosure Date: September 29, 2022 (last updated February 24, 2025)

Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter.

Attack Vector: Network Privileges: Low User Interaction: None

3 Total Results

Displaying 1-3 of 3

Unknown

CVE-2021-45790

Unknown

CVE-2021-45789

Unknown

CVE-2021-45788

Quick Cookie Notification