Submission #611336: Beijing Metasoft Technology Co., Ltd. (China) MetaCRM 6.4.2 Unrestricted Upload

Title: Beijing Metasoft Technology Co., Ltd. (China) MetaCRM 6.4.2 Unrestricted Upload
Description: MetaCRM6 is an enterprise-level customer relationship management system developed by Beijing Metasoft Technology Co., Ltd. Launched in December 2009, it targets medium and large enterprises, offering intelligent, platform-based CRM solutions. Key features include 360° customer profile management, full sales cycle support, multi-organization management, efficient delivery processes, and integration with ERP/PLM/MES. It serves over 40 sectors like smart manufacturing and medical equipment, with a mobile app for iPad. Beijing Metasoft Technology Co., Ltd. (China): http://www.metasoft.com.cn/ However, the /business/common/sms/sendsms.jsp interface is vulnerable to arbitrary file upload attacks. Uploading Webshell: Attackers upload script files containing malicious code (such as .jsp, .php, .asp, etc.). Once these files are executed by the server, they can achieve remote control of the server, including viewing/modifying/deleting files, executing system commands, and stealing sensitive data (such as database account passwords, user information, etc.).
Source: ⚠️ https://github.com/FightingLzn9/vul/blob/main/MetaCRM-Upload-7.md
User: nu11 (UID 81380)
Submission: 08/07/2025 12:41 PM (12 months ago)
Moderation: 19/07/2025 09:16 AM (11 days later)
Status: Accepted
VulDB Entry: 316994 [Metasoft 美特软件 MetaCRM up to 6.4.2 sendsms.jsp File privilege escalation]
Points: 20
