| タイトル | Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type) |
|---|
| 説明 | There is a serious file upload vulnerability in the MTCRM6 system of Beijing Meite Software Technology Co., Ltd. The vulnerability is located in the /common/jsp/upload3.jsp interface. The interface does not restrict the type of uploaded files, and an attacker without authentication can exploit this vulnerability. This allows webshell to be transferred to the server. Successful exploitation of this vulnerability could enable remote code execution, granting the attacker full administrative access to the server. |
|---|
| ソース | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/XmoNwpJjJiQrBtkLMitccF56ntb |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2026年04月23日 09:58 (1 月 ago) |
|---|
| モデレーション | 2026年05月16日 19:41 (23 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 364385 [Metasoft 美特软件 MetaCRM 迄 6.4.0 Beta06 /common/jsp/upload3.jsp ファイル 特権昇格] |
|---|
| ポイント | 20 |
|---|