CVE-2026-6629 | Metasoft 美特软件 MetaCRM up to 6.4.0 Interface sql.jsp Statement.executeUpdate sql sql injection

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability, which was classified as critical, was found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-6629. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6629 | Metasoft 美特软件 MetaCRM up to 6.4.0 Interface sql.jsp Statement.executeUpdate sql sql injection

Post correlati

CVE-2025-69241 | Raytha CMS up to 1.4.5 FirstName/LastName cross site scripting

CVE-2024-7339 | TVT DVR TD-2104TS-CL up to 1.3.4.24879B190222.D00.U2(8A21S) /queryDevInfo information disclosure

CVE-2024-5836 | Google Chrome prior 126.0.6478.54 DevTools Remote Code Execution (ID 341875)

CVE-2024-6340 | Premium Addons for Elementor Plugin up to 4.10.35 on WordPress Countdown Widget cross site scripting