CNNVD-202507-1919 Information

CNNVD ID

CNNVD-202507-1919

CVE-2025-53639

  • CNNVD Published: 2025-07-14

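Description (translated from Chinese)

MeterSphere is an open-source, one-stop continuous testing platform developed by MeterSphere. Versions of MeterSphere before 3.6.5-lts have a SQL injection vulnerability, which is caused by insufficient validation of the sortField parameter and may lead to SQL injection.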

Description (English)

MeterSphere is a one-stop open source continuous testing platform from MeterSphere. Versions prior to MeterSphere 3.6.5-lts contain a SQL injection vulnerability that stems from insufficient validation of the sortField parameter and could lead to SQL injection.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

METIS

Published

2025-07-14

Last Modified

2026-02-24

References

https://github.com/metersphere/metersphere/security/advisories/GHSA-vcm3-5w3f-9f45

https://access.redhat.com/security/cve/cve-2025-53639

Patch

https://metersphere.io/docs/v3.x/about/changelog/
