LOW
Metasoft 美特软件
CVE published 2026-06-01
CVE-2026-10205
A remote unrestricted file upload vulnerability exists in Metasoft MetaCRM 6.4.0, specifically in the develop/systparam/softlogo/upload.jsp endpoint. The vulnerability allows authenticated remote attackers to upload arbitrary files. The CVSS 4.0 base score is 2.1 (LOW severity), with the vector indicating network attack vector, low attack complexity, no attack requirements, and low privileges required (AV [truncated]