| عنوان | Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type) |
|---|
| الوصف | There is a file upload vulnerability in the develop/systparam/softlogo/upload.jsp interface of MetaCRM6 system by Beijing Maitai Software Technology Co., Ltd. This vulnerability arises from the system's failure to perform thorough type validation, extension checks, and content filtering on user-uploaded files before storing them on the server. Attackers can exploit this by uploading maliciously crafted files (such as JSP files containing malware) to persistently store executable scripts on the server. When other users access the file or the server processes and executes it, risks such as remote code execution, server takeover, sensitive data leakage, website defacement, or further internal network infiltration may occur. |
|---|
| المصدر | ⚠️ https://ucn9h68n9289.feishu.cn/docx/If1EdqoFqoUJ0FxHj06cZnUOngc?from=from_copylink |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 07/05/2026 09:45 AM (28 أيام منذ) |
|---|
| الاعتدال | 31/05/2026 08:38 AM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367485 [Metasoft 美特软件 MetaCRM 6.4.0 upload.jsp تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|