| Título | Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type) |
|---|
| Descrição | There is a file upload vulnerability in the develop/systparam/softlogo/upload.jsp interface of MetaCRM6 system by Beijing Maitai Software Technology Co., Ltd. This vulnerability arises from the system's failure to perform thorough type validation, extension checks, and content filtering on user-uploaded files before storing them on the server. Attackers can exploit this by uploading maliciously crafted files (such as JSP files containing malware) to persistently store executable scripts on the server. When other users access the file or the server processes and executes it, risks such as remote code execution, server takeover, sensitive data leakage, website defacement, or further internal network infiltration may occur. |
|---|
| Fonte | ⚠️ https://ucn9h68n9289.feishu.cn/docx/If1EdqoFqoUJ0FxHj06cZnUOngc?from=from_copylink |
|---|
| Utilizador | Anonymous User |
|---|
| Submissão | 07/05/2026 09h45 (há 1 mês) |
|---|
| Moderação | 31/05/2026 08h38 (24 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 367485 [Metasoft 美特软件 MetaCRM 6.4.0 upload.jsp Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|