
MetaCRM CVE-2026-10205

EUVD-2026-33527 · LOW
Unrestricted Upload of File with Dangerous Type (CWE-434)
Published 2026-06-01 · VulDB · GHSA-vw5m-vghh-hr6p
CVSS 4.0 score: 2.1 (NVD)

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

The vector above breaks down as follows:

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: X (not defined)

Lifecycle Timeline (3 events)

  • Severity Changed · Jun 01, 2026 - 01:22 · NVD · MEDIUM → LOW
  • CVSS changed · Jun 01, 2026 - 01:22 · NVD · 6.3 (MEDIUM) → 2.1 (LOW)
  • Analysis Generated · Jun 01, 2026 - 00:42 · vuln.today

Description (CVE.org)

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Unrestricted file upload in Metasoft MetaCRM 6.4.0 allows low-privileged authenticated remote attackers to upload arbitrary files via the softlogo upload endpoint at develop/systparam/softlogo/upload.jsp, potentially enabling server-side code execution or persistent backdoor installation. A publicly available proof-of-concept exploit exists, referenced via a Feishu document, and the vendor did not respond to coordinated disclosure. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  1. Access: Obtain low-privilege MetaCRM credentials
  2. Delivery: Authenticate to MetaCRM web interface
  3. Exploit: Craft multipart POST request to upload.jsp with embedded JSP web shell
  4. Execution: Server writes web shell to web-accessible directory
  5. Persist: Issue HTTP request to uploaded shell URL
  6. Impact: Execute arbitrary OS commands as application server process

Vulnerability Assessment (AI)

Exploitation: Exploitation requires a valid low-privilege authenticated session in MetaCRM 6.4.0 - the CVSS vector PR:L confirms low-privilege credentials are sufficient and PR:N (unauthenticated) is not indicated. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The base CVSS score of 6.3 (Medium) is modestly understated given surrounding context. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with a low-privilege MetaCRM account - obtained via credential stuffing, phishing, or a trial/default account - sends a crafted multipart HTTP POST request to develop/systparam/softlogo/upload.jsp containing a JSP web shell disguised as a logo image file. If the server lacks server-side file type validation, the web shell is written to a web-accessible directory and the attacker subsequently issues HTTP GET requests to the uploaded file's URL to execute arbitrary OS commands as the application server process. …

Remediation: No vendor-released patch has been identified at time of analysis - the vendor did not respond to coordinated disclosure, and the CVSS temporal remediation level is undefined (RL:X). … Detailed patch versions, workarounds, and compensating controls in full report.


CVE-2026-10205 vulnerability details – vuln.today
