CNNVD-202507-2554 Information

CNNVD ID

CNNVD-202507-2554

Related CVE

CVE-2025-7880

• CNNVD Published: 2025-07-20

Description (Chinese)

Metasoft MetaCRM是中国美特软件（Metasoft）公司的一款客户关系管理系统软件。 Metasoft MetaCRM 6.4.2及之前版本存在代码问题漏洞，该漏洞源于对文件/business/common/sms/sendsms.jsp中参数File的错误操作导致任意文件上传。

Description (English)

Metasoft MetaCRM is a CRM software for MetaSoft. There is a code gap in Metasoft MetaCRM 6.4.2 and previous versions, which stems from an error in handling File, the parameter in document/business/common/sms/sends.jsp, resulting in any upload of the document.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

美特软件

Published

2025-07-20

Last Modified

2026-02-24

References

https://vuldb.com/?id.316994 https://vuldb.com/?ctiid.316994 https://github.com/FightingLzn9/vul/blob/main/MetaCRM-Upload-7.md https://vuldb.com/?submit.611336 https://nvd.nist.gov/vuln/detail/CVE-2025-7880 https://access.redhat.com/security/cve/cve-2025-7880