Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload_CVE-2026-10205

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-10205

Source VulDB

Published Jun 1, 2026 at 00:00

Affected Product

Vendor Metasoft 美特软件

Product MetaCRM

Version 6.4.0

Affected Versions Metasoft 美特软件 MetaCRM 6.4.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-01T00:00:39.126Z",
    "modified": "2026-06-01T00:00:39.126Z",
    "type": "cve",
    "title": "Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM upload.jsp unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367485\nhttps://vuldb.com/vuln/367485/cti\nhttps://vuldb.com/cve/CVE-2026-10205\nhttps://vuldb.com/submit/821715\nhttps://ucn9h68n9289.feishu.cn/docx/If1EdqoFqoUJ0FxHj06cZnUOngc?from=from_copylink",
    "id": "CVE-2026-10205",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Metasoft \u7f8e\u7279\u8f6f\u4ef6 MetaCRM 6.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MetaCRM",
    "version": "6.4.0",
    "vendor": "Metasoft \u7f8e\u7279\u8f6f\u4ef6",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}