Path Traversal in uploadAttachment in metersphere/metersphere
Jun 26th 2023
PoC: see https://1drv.ms/v/s!Avwg5C1eKVA4gl3LF2hgRyVNrSqk?e=DHbHKF
We also contacted the maintainer by email: lujie.ac.cn
This vulnerability can allow an attacker to gain unauthorized access to sensitive files and directories on the web server. These can include configuration files, user credentials, and other sensitive data that can be used to launch further attacks or steal valuable information.
In some cases, Path Traversal can be used to execute arbitrary code on the web server by accessing executable files outside of the web directory. This can result in a complete compromise of the web server and even the host system, allowing the attacker to gain complete control over the system.
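
A containment check that an attachment upload handler can apply to the client-supplied file name before writing, shown as an added example: it is not MeterSphere's code or its fix, and the report does not show the vulnerable code. The class name, method name and sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class AttachmentPathCheck {

    /** Resolve a client-supplied name under baseDir; throw if it would land anywhere else. */
    static Path resolveInside(Path baseDir, String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty() || clientName.indexOf('\0') >= 0) {
            throw new IOException("rejected file name");
        }
        // Canonical form of the upload directory (resolves symlinks in the base itself).
        Path base = baseDir.toRealPath();
        Path target;
        try {
            // resolve() returns clientName unchanged if it is absolute;
            // normalize() collapses "." and ".." segments.
            target = base.resolve(clientName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("rejected file name", e);
        }
        // Path.startsWith compares whole path elements, so "/data/up-evil"
        // is not treated as being inside "/data/up".
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("rejected file name: outside upload directory");
        }
        // Caveat: symlinks that already exist below base are not resolved here,
        // because the target file normally does not exist yet.
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("attachments"); // stand-in upload directory
        // Constructed sample names, not taken from the report or its PoC.
        String[] names = {"report.pdf", "sub/notes.txt", "../../etc/passwd",
                          "/etc/passwd", "a/../../b", "."};
        for (String n : names) {
            try {
                System.out.println("accept " + n + " -> " + resolveInside(base, n));
            } catch (IOException e) {
                System.out.println("reject " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first two sample names are accepted; the others resolve to the base directory itself or to a location outside it and are rejected before any file is written.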