| Title | Beijing Metasoft Technology Co., Ltd. (China) MetaCRM 6.4.2 Improper Authorization of Index Containing Sensitive Information |
|---|
| Description | MetaCRM6 is an enterprise-level customer relationship management system developed by Beijing Metasoft Technology Co., Ltd. Launched in December 2009, it targets medium and large enterprises, offering intelligent, platform-based CRM solutions. Key features include 360° customer profile management, full sales cycle support, multi-organization management, efficient delivery processes, and integration with ERP/PLM/MES. It serves over 40 sectors like smart manufacturing and medical equipment, with a mobile app for iPad.
Beijing Metasoft Technology Co., Ltd. (China) : http://www.metasoft.com.cn/
However,The two interfaces /env.jsp and /debug.jsp have front-end sensitive information leakage vulnerabilities.
The /env.jsp and /debug.jsp endpoints are vulnerable to information disclosure. Unauthenticated attackers can access /env.jsp to obtain sensitive information such as the server name, Java version, and absolute file paths.
Additionally, the /debug.jsp endpoint lacks authentication controls, allowing unauthorized users to perform privileged operations, including modifying server debugging settings and accessing sensitive server logs. Immediate remediation is recommended to prevent potential system compromise.
|
|---|
| Source | ⚠️ https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SIL-2.md |
|---|
| User | nu11 (UID 81380) |
|---|
| Submission | 07/08/2025 05:26 AM (8 months ago) |
|---|
| Moderation | 07/19/2025 09:15 AM (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 316988 [Metasoft 美特软件 MetaCRM up to 6.4.2 /env.jsp information disclosure] |
|---|
| Points | 20 |
|---|