| 제목 | Beijing Metasoft Technology Co., Ltd. (China) MetaCRM 6.4.2 Improper Authorization of Index Containing Sensitive Information |
|---|
| 설명 | MetaCRM6 is an enterprise-level customer relationship management system developed by Beijing Metasoft Technology Co., Ltd. Launched in December 2009, it targets medium and large enterprises, offering intelligent, platform-based CRM solutions. Key features include 360° customer profile management, full sales cycle support, multi-organization management, efficient delivery processes, and integration with ERP/PLM/MES. It serves over 40 sectors like smart manufacturing and medical equipment, with a mobile app for iPad.
Beijing Metasoft Technology Co., Ltd. (China) : http://www.metasoft.com.cn/
However,The two interfaces /env.jsp and /debug.jsp have front-end sensitive information leakage vulnerabilities.
The /env.jsp and /debug.jsp endpoints are vulnerable to information disclosure. Unauthenticated attackers can access /env.jsp to obtain sensitive information such as the server name, Java version, and absolute file paths.
Additionally, the /debug.jsp endpoint lacks authentication controls, allowing unauthorized users to perform privileged operations, including modifying server debugging settings and accessing sensitive server logs. Immediate remediation is recommended to prevent potential system compromise.
|
|---|
| 원천 | ⚠️ https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SIL-2.md |
|---|
| 사용자 | nu11 (UID 81380) |
|---|
| 제출 | 2025. 07. 08. AM 05:26 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 19. AM 09:15 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 316988 [Metasoft 美特软件 MetaCRM 까지 6.4.2 /env.jsp 정보 공개] |
|---|
| 포인트들 | 20 |
|---|