Description
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-364385 | Metasoft 美特软件 MetaCRM upload3.jsp unrestricted upload
https://vuldb.com/vuln/364385
Signature, Permissions Required signature
permissions-required
VDB-364385 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/364385/cti
Third Party Advisory third-party-advisory
Submit #811283 | Beijing Meite Software Technology Co., Ltd. MetaCRM6 6.4.0 Beta06 CWE-434 (Unrestricted Upload of File with Dangerous Type)
https://vuldb.com/submit/811283
Exploit exploit
https://ucn9h68n9289.feishu.cn/wiki/XmoNwpJjJiQrBtkLMitccF56ntb
Scores
CVSS v3
7.3
EPSS
0.0005
EPSS Percentile
15.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
CWE-434
Status
published
Products (1)
Metasoft 美特软件/MetaCRM
6.4.0 Beta06
Published
May 17, 2026
Tracked Since
May 17, 2026