Vulnerabilities > CVE-2023-29944 - Unspecified vulnerability in Metersphere 1.20.20Lts79D354A6

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

metersphere

critical

NVD

Published: 2023-05-08

Updated: 2023-05-11

Summary

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench

Vulnerable Configurations

Part	Description	Count
Application	Metersphere Metersphere Metersphere 1.20.20-Lts-79D354A6	1

References

https://github.com/metersphere/metersphere
https://hacku.top/wl/?id=N67LxQL238Tsw9PDok5fy8tihEO0jI7L