Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload_CVE-2026-8758

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-8758

Source VulDB

Published May 17, 2026 at 13:45

Affected Product

Vendor Metasoft 美特软件

Product MetaCRM

Version 6.4.0 Beta06

Affected Versions Metasoft 美特软件 MetaCRM 6.4.0 Beta06

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-05-17T13:45:36.564Z",
    "modified": "2026-05-17T13:45:36.564Z",
    "type": "cve",
    "title": "Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM upload3.jsp unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/364385\nhttps://vuldb.com/vuln/364385/cti\nhttps://vuldb.com/submit/811283\nhttps://ucn9h68n9289.feishu.cn/wiki/XmoNwpJjJiQrBtkLMitccF56ntb",
    "id": "CVE-2026-8758",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.4.0 Beta06",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MetaCRM",
    "version": "6.4.0 Beta06",
    "vendor": "Metasoft \u7f8e\u7279\u8f6f\u4ef6",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}