CVE-2025-7880 | Metasoft 美特软件 MetaCRM up to 6.4.2 sendsms.jsp File unrestricted upload

Inserito da Angelo Barbosa | Lug 19, 2025 | CVE

A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this issue is some unknown functionality of the file /business/common/sms/sendsms.jsp. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is handled as CVE-2025-7880. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7880 | Metasoft 美特软件 MetaCRM up to 6.4.2 sendsms.jsp File unrestricted upload

Post correlati

CVE-2023-6423 | BigProf Online Clinic Management System 2.2 /clinic/events_view.php FirstRecord cross site scripting

CVE-2024-9358 | ThingsBoard up to 3.7.0 HTTP RPC API resource consumption

CVE-2024-47154 | Honor Magic OS up to 8.0.0.159 information disclosure

CVE-2024-34155 | Google Go up to 1.22.6/1.23.0 go-parser Parse resource consumption