Primary

Context

Metasoft MetaCRM Unrestricted File Upload Vulnerability in sendfile.jsp

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Metasoft MetaCRM versions through 6.4.2. The issue resides in the file sendfile.jsp, where the manipulation of the File argument allows for arbitrary file uploads. This vulnerability can be exploited remotely, potentially leading to server compromise and malicious activities.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious files that may compromise the server or application.

Reproduction

The vulnerability can be reproduced by sending a request to the sendfile.jsp file with a manipulated File argument that includes the desired file to upload. This can be done using a variety of tools or scripts that automate the process of uploading files to the vulnerable endpoint.

Added: Jul 20, 2025, 8:17 AM

Updated: Jul 20, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

6.6

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

6.6

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Metasoft MetaCRM Unrestricted File Upload Vulnerability in sendfile.jsp

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating