A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0
The MetaCRM 6.4.0 software has a vulnerability that allows attackers to upload files without restrictions, potentially leading to malicious activity. This can be exploited remotely, and the vendor has not responded to disclosure. The vulnerability is located in the upload.jsp file.
A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Organizations using MetaCRM 6.4.0 are at medium risk of remote exploitation, potentially leading to data breaches or malware infections.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
0
Affected Products
5
References
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability
Impact