CNNVD-202507-2546 Information

CNNVD ID

CNNVD-202507-2546

Related CVE

CVE-2025-7873

• CNNVD Published: 2025-07-20

Description (Chinese)

Metasoft MetaCRM是中国美特软件（Metasoft）公司的一款客户关系管理系统软件。 Metasoft MetaCRM 6.4.2及之前版本存在SQL注入漏洞，该漏洞源于文件mcc_login.jsp中参数workerid处理不当导致SQL注入。

Description (English)

Metasoft MetaCRM is a CRM software for MetaSoft. Metasoft MetaCRM 6.4.2 and previous versions contained a SQL injection loophole, which arose from the mishandling of the parameter workerid in document mcc login.jsp, resulting in the SQL injection.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

美特软件

Published

2025-07-20

Last Modified

2026-02-24

References

https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SQLI-1.md https://vuldb.com/?submit.611043 https://vuldb.com/?id.316987 https://vuldb.com/?ctiid.316987 https://access.redhat.com/security/cve/cve-2025-7873 https://nvd.nist.gov/vuln/detail/CVE-2025-7873