CVE-2026-6629
HIGHMetasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection
Title source: cnaDescription
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Scores
CVSS v3
7.3
EPSS
0.0003
EPSS Percentile
8.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
CWE-89
Status
published
Products (5)
Metasoft 美特软件/MetaCRM
6.0
Metasoft 美特软件/MetaCRM
6.1
Metasoft 美特软件/MetaCRM
6.2
Metasoft 美特软件/MetaCRM
6.3
Metasoft 美特软件/MetaCRM
6.4.0
Published
Apr 20, 2026
Tracked Since
Apr 20, 2026