Version
v1.15.4
Description
Unauthenticated users can upload any kind of file to an arbitrary directory, which could lead to RCE.
API: /resource/md/upload
Vulnerable source code:
ResourceService.java
To Reproduce
I have tested this vulnerability on the demo website https://demo.metersphere.com/.

Post the data below and we successfully upload a file .1 under the /root/ directory.
If we write a cron job, then we can execute commands remotely.
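The report describes a write to an arbitrary directory, so the server-side fix for that half of the bug is to never take directory components from the client and to confine the resolved path to the configured upload root (the endpoint separately needs authentication, which this snippet does not address). The following is an added illustration, not MeterSphere's own code; the base directory, class and method names are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public final class UploadPathGuard {
    // Assumed upload root for illustration; not MeterSphere's real setting.
    private static final Path BASE_DIR =
            Paths.get("/opt/metersphere/data/md").toAbsolutePath().normalize();

    /** Maps a client-supplied name to a path inside BASE_DIR, or throws if it cannot be trusted. */
    public static Path resolveUploadTarget(String clientFileName) {
        if (clientFileName == null || clientFileName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // Keep only the last path component: "../../root/.1" and "/root/.1" both become ".1".
        Path leafPath = Paths.get(clientFileName).getFileName();
        if (leafPath == null) {
            throw new IllegalArgumentException("no file name in: " + clientFileName);
        }
        String leaf = leafPath.toString();
        // Refuse dotfiles (such as the ".1" in the report) and any leftover traversal token.
        if (leaf.startsWith(".") || leaf.contains("..")) {
            throw new IllegalArgumentException("rejected file name: " + clientFileName);
        }
        Path target = BASE_DIR.resolve(leaf).normalize();
        // Defence in depth: the final path must still sit under the upload root.
        if (!target.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample names: one benign, three shaped like the reported upload.
        String[] samples = {"notes.png", "../../root/.1", "/root/.1", ".1"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveUploadTarget(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample resolves to a path under the upload root; the other three are rejected before any file is written.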