Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection_CVE-2026-6629

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-6629

Source VulDB

Published Apr 20, 2026 at 10:15

Affected Product

Vendor Metasoft 美特软件

Product MetaCRM

Version 6.0

Affected Versions Metasoft 美特软件 MetaCRM 6.0
Metasoft 美特软件 MetaCRM 6.1
Metasoft 美特软件 MetaCRM 6.2
Metasoft 美特软件 MetaCRM 6.3
Metasoft 美特软件 MetaCRM 6.4.0

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-04-20T10:15:19.931Z",
    "modified": "2026-04-20T10:15:19.931Z",
    "type": "cve",
    "title": "Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/358263\nhttps://vuldb.com/vuln/358263/cti\nhttps://vuldb.com/submit/792615\nhttps://my.feishu.cn/docx/JttndUaPLoR88HxI1alcz1uencf?from=from_copylink",
    "id": "CVE-2026-6629",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.0\nMetasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.1\nMetasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.2\nMetasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.3\nMetasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MetaCRM",
    "version": "6.0",
    "vendor": "Metasoft \u7f8e\u7279\u8f6f\u4ef6",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}