Metasoft MetaCRM Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unauthorized file uploads has been identified in Metasoft MetaCRM version 6.4.0. The issue affects an unknown function of the file develop/systparam/softlogo/upload.jsp, which accepts file uploads without restriction. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for unauthorized file uploads, which could lead to further attacks such as web shell execution or uploading malicious files that could be executed by the application.

Reproduction

To reproduce this vulnerability, upload a file through the develop/systparam/softlogo/upload.jsp endpoint. The upload request can be made using a POST method, including a file such as a JSP shell that could be executed on the server.
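
For defenders, the request pattern described above can be hunted for in web server access logs. The following is an added example, not part of the original advisory or of any Metasoft code. It assumes common/combined-format access logs and a 30-minute correlation window. The log lines are constructed, and because the advisory does not say where uploaded files are stored, the follow-up path is a placeholder.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

UPLOAD_PATH = "/develop/systparam/softlogo/upload.jsp"  # from the advisory
SCRIPT_EXT = (".jsp", ".jspx")
WINDOW = timedelta(minutes=30)  # assumption: correlation window, tune per site
# Assumption: Apache/Tomcat common or combined access log format.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    """Return (ip, time, method, normalized path, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Drop query string and ";jsessionid=..." path parameters, decode, lowercase.
    path = unquote(re.split(r"[?;]", m["url"], maxsplit=1)[0]).lower()
    return m["ip"], ts, m["method"], path, int(m["status"])

def find_suspicious(lines):
    """Return (uploads, followups): POSTs to the upload endpoint, and script
    paths never seen before that the same client requests within WINDOW."""
    seen, last_upload, uploads, followups = set(), {}, [], []
    for ip, ts, method, path, status in filter(None, map(parse, lines)):
        if method == "POST" and path.endswith(UPLOAD_PATH):
            uploads.append((ip, ts, status))
            last_upload[ip] = ts
        elif (path.endswith(SCRIPT_EXT) and path not in seen
              and ip in last_upload and ts - last_upload[ip] <= WINDOW):
            followups.append((ip, ts, path, status))
        seen.add(path)
    return uploads, followups

# Constructed sample lines: documentation-range IPs, placeholder upload location.
SAMPLE = [
    '198.51.100.7 - - [01/Jun/2026:01:02:03 +0000] "GET /login.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2026:01:05:00 +0000] '
    '"POST /develop/systparam/softlogo/upload.jsp;jsessionid=X HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jun/2026:01:05:30 +0000] "GET /login.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2026:01:06:10 +0000] '
    '"GET /EXAMPLE-DIR/example.jsp?a=1 HTTP/1.1" 200 14',
    '203.0.113.9 - - [01/Jun/2026:01:07:00 +0000] "GET /other.jsp HTTP/1.1" 200 10',
    'not an access log line',
]

if __name__ == "__main__":
    print(find_suspicious(SAMPLE))
```

Any POST to the endpoint from a client that has no business changing the system logo is worth reviewing on its own; the follow-up list narrows attention to script paths that first appear right after such a POST.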

Added: Jun 1, 2026, 1:19 AM
Updated: Jun 1, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 9.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.