Submit #821715: Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type)info

TitleBeijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type)
DescriptionThere is a file upload vulnerability in the develop/systparam/softlogo/upload.jsp interface of MetaCRM6 system by Beijing Maitai Software Technology Co., Ltd. This vulnerability arises from the system's failure to perform thorough type validation, extension checks, and content filtering on user-uploaded files before storing them on the server. Attackers can exploit this by uploading maliciously crafted files (such as JSP files containing malware) to persistently store executable scripts on the server. When other users access the file or the server processes and executes it, risks such as remote code execution, server takeover, sensitive data leakage, website defacement, or further internal network infiltration may occur.
Source⚠️ https://ucn9h68n9289.feishu.cn/docx/If1EdqoFqoUJ0FxHj06cZnUOngc?from=from_copylink
User
 Anonymous User
Submission05/07/2026 09:45 (2 months ago)
Moderation05/31/2026 08:38 (24 days later)
StatusAccepted
VulDB entry367485 [Metasoft 美特软件 MetaCRM 6.4.0 upload.jsp unrestricted upload]
Points20

Do you know our Splunk app?

Download it now for free!