| Название | Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type) |
|---|
| Описание | There is a file upload vulnerability in the develop/systparam/softlogo/upload.jsp interface of MetaCRM6 system by Beijing Maitai Software Technology Co., Ltd. This vulnerability arises from the system's failure to perform thorough type validation, extension checks, and content filtering on user-uploaded files before storing them on the server. Attackers can exploit this by uploading maliciously crafted files (such as JSP files containing malware) to persistently store executable scripts on the server. When other users access the file or the server processes and executes it, risks such as remote code execution, server takeover, sensitive data leakage, website defacement, or further internal network infiltration may occur. |
|---|
| Источник | ⚠️ https://ucn9h68n9289.feishu.cn/docx/If1EdqoFqoUJ0FxHj06cZnUOngc?from=from_copylink |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 07.05.2026 09:45 (1 месяц назад) |
|---|
| Модерация | 31.05.2026 08:38 (24 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 367485 [Metasoft 美特软件 MetaCRM 6.4.0 upload.jsp эскалация привилегий] |
|---|
| Баллы | 20 |
|---|