Metasoft MetaCRM Unrestricted File Upload Vulnerability in sendsms.jsp
Vulnerability
A critical vulnerability allowing unrestricted file uploads has been identified in Metasoft MetaCRM versions through 6.4.2. The issue resides in the sendsms.jsp file, where the File argument can be manipulated to upload potentially harmful files. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows arbitrary file uploads. An attacker could upload a malicious script that, once executed by the server, could lead to remote control of the server. That control includes the ability to view, modify, or delete files, execute system commands, and steal sensitive data such as database credentials and user information.
Reproduction
To reproduce this vulnerability, access the business/common/sms/sendsms.jsp interface on a Metasoft MetaCRM installation through version 6.4.2. Upload a file through the File argument that is executable by the server, such as a JSP, PHP, or ASP script. Once uploaded, execute the file to demonstrate the vulnerability.
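A log-review check for the activity described above, as an added example that is not part of the original advisory: it flags POSTs to sendsms.jsp and the uploading client's later requests for script paths that nobody had requested earlier in the log. The common access-log format, the sample lines, the extension list and the /upload/example.jsp path are assumptions constructed for illustration; the advisory does not say where uploaded files are stored.

```python
import re

# Endpoint named in the advisory; matched as a suffix so a context path is tolerated.
UPLOAD_PATH = "/business/common/sms/sendsms.jsp"
# Assumed list of server-executable extensions (the advisory mentions JSP, PHP, ASP).
SCRIPT_EXT = (".jsp", ".jspx", ".php", ".asp", ".aspx")

# Assumed layout: Apache/Tomcat "common" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_upload_activity(lines):
    """Return (uploads, followups).

    uploads:   POSTs to the upload endpoint, as (timestamp, ip, status).
    followups: requests made by an uploading client after its upload for a
               script path not requested earlier in the log, as
               (timestamp, ip, path, status).
    """
    seen_paths, uploaders = set(), set()
    uploads, followups = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip = m["ip"]
        # Drop the query string and ";jsessionid=..." style path parameters.
        path = re.split(r"[?;]", m["uri"], maxsplit=1)[0]
        lower = path.lower()
        if m["method"] == "POST" and lower.endswith(UPLOAD_PATH):
            uploads.append((m["ts"], ip, m["status"]))
            uploaders.add(ip)
        elif ip in uploaders and lower.endswith(SCRIPT_EXT) and path not in seen_paths:
            followups.append((m["ts"], ip, path, m["status"]))
        seen_paths.add(path)
    return uploads, followups

# Constructed sample lines (documentation IP ranges, placeholder upload path).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2025:10:02:11 +0000] "POST /business/common/sms/sendsms.jsp HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Jan/2025:10:02:15 +0000] "GET /upload/example.jsp?x=1 HTTP/1.1" 200 48',
    '192.0.2.10 - - [01/Jan/2025:10:02:20 +0000] "GET /index.jsp HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for kind, rows in zip(("upload", "follow-up"), find_upload_activity(SAMPLE_LOG)):
        for row in rows:
            print(kind, *row)
```

A follow-up hit is a lead for review, not proof of compromise; confirm it by checking whether the requested file exists on disk and when it was created.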
