जमा करें #848598: Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type)जानकारी

शीर्षकBeijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type)
विवरणThe /customizemt/xkq/rpc.jsp interface of the MTCRM6 system developed by Beijing Meite Software Technology Co., Ltd. contains an SQL injection vulnerability. Attackers can exploit this vulnerability without any authentication. In the MetaCRM6 PHPRPC remote call interface /customizemt/xkq/rpc.jsp, the RPCService.query() method directly concatenates the user-input string into an SQL statement for execution when processing user requests, without any filtering or parameterization. Attackers can pass malicious SQL statements through the phprpc_args parameter, which is encoded in PHP serialization format, to achieve database breaches, theft of sensitive information, and other malicious attacks.
स्रोत⚠️ https://ucn9h68n9289.feishu.cn/docx/SX91dyomSoAeHJxnfygckPQNnLL?from=from_copylink
उपयोगकर्ता
 bigbrother_man (UID 96003)
सबमिशन05/06/2026 04:10 AM (1 महीना पहले)
संयम12/07/2026 08:33 AM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377843 [Metasoft 美特软件 MetaCRM तक 6.4.0 Beta06 PHPRPC Remote Call Interface /customizemt/xkq/rpc.jsp RPCService.query phprpc_args SQL इंजेक्शन]
अंक20

Do you want to use VulDB in your project?

Use the official API to access entries easily!