| Titre | Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type) |
|---|
| Description | There is a file upload vulnerability in the develop/systparam/softlogo/upload.jsp interface of MetaCRM6 system by Beijing Maitai Software Technology Co., Ltd. This vulnerability arises from the system's failure to perform thorough type validation, extension checks, and content filtering on user-uploaded files before storing them on the server. Attackers can exploit this by uploading maliciously crafted files (such as JSP files containing malware) to persistently store executable scripts on the server. When other users access the file or the server processes and executes it, risks such as remote code execution, server takeover, sensitive data leakage, website defacement, or further internal network infiltration may occur. |
|---|
| La source | ⚠️ https://ucn9h68n9289.feishu.cn/docx/If1EdqoFqoUJ0FxHj06cZnUOngc?from=from_copylink |
|---|
| Utilisateur | Anonymous User |
|---|
| Soumission | 07/05/2026 09:45 (il y a 28 jours) |
|---|
| Modérer | 31/05/2026 08:38 (24 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 367485 [Metasoft 美特软件 MetaCRM 6.4.0 upload.jsp élévation de privilèges] |
|---|
| Points | 20 |
|---|