提出 #611288: Beijing Metasoft Technology Co., Ltd. (China) MetaCRM 6.4.2 Unrestricted Upload情報

タイトルBeijing Metasoft Technology Co., Ltd. (China) MetaCRM 6.4.2 Unrestricted Upload
説明MetaCRM6 is an enterprise-level customer relationship management system developed by Beijing Metasoft Technology Co., Ltd. Launched in December 2009, it targets medium and large enterprises, offering intelligent, platform-based CRM solutions. Key features include 360° customer profile management, full sales cycle support, multi-organization management, efficient delivery processes, and integration with ERP/PLM/MES. It serves over 40 sectors like smart manufacturing and medical equipment, with a mobile app for iPad. Beijing Metasoft Technology Co., Ltd. (China) : http://www.metasoft.com.cn/ However,The /mobile/mobileupload.jsp interface is vulnerable to arbitrary file upload attacks from the frontend. Attackers can exploit this vulnerability to upload arbitrary files, potentially leading to server compromise and subsequent malicious activities.
ソース⚠️ https://github.com/FightingLzn9/vul/blob/main/MetaCRM-Upload-6.md
ユーザー
 nu11 (UID 81380)
送信2025年07月08日 11:35 (12 月 ago)
モデレーション2025年07月19日 09:16 (11 days later)
ステータス承諾済み
VulDBエントリ316993 [Metasoft 美特软件 MetaCRM 迄 6.4.2 mobileupload.jsp ファイル 特権昇格]
ポイント20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!