CNNVD-202507-2553 Information

Jul 20, 2025 cve

CNNVD ID

CNNVD-202507-2553

CVE-2025-7878

  • CNNVD Published: 2025-07-20

Description (Chinese)

Metasoft MetaCRM是中国美特软件(Metasoft)公司的一款客户关系管理系统软件。 Metasoft MetaCRM 6.4.2及之前版本存在代码问题漏洞,该漏洞源于对文件/common/jsp/upload2.jsp中参数File的错误操作导致任意文件上传。

Description (English)

Metasoft MetaCRM is a CRM software for MetaSoft. There is a code gap in Metasoft MetaCRM 6.4.2 and earlier versions, which stems from an error in handling File, the parameter in file/common/jsp/upload2.jsp, resulting in the uploading of any file.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

美特软件

Published

2025-07-20

Last Modified

2026-02-24

References

https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-Upload-5.md https://vuldb.com/?ctiid.316992 https://vuldb.com/?id.316992 https://vuldb.com/?submit.611267 https://access.redhat.com/security/cve/cve-2025-7878 https://nvd.nist.gov/vuln/detail/CVE-2025-7878

Share on: