🔐 CVE Alert

CVE-2026-15514

HIGH 7.3

Metasoft 美特软件 MetaCRM PHPRPC Remote Call rpc.jsp RPCService.query sql injection

CVSS Score
7.3
EPSS Score
0.3%
EPSS Percentile
17th

A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpc_args can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CWE CWE-89 CWE-74
Vendor metasoft 美特软件
Product metacrm
Published Jul 12, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for metasoft 美特软件 metacrm

Be the first to know when new high vulnerabilities affecting metasoft 美特软件 metacrm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Metasoft 美特软件 / MetaCRM
6.4.0 Beta06

References

NVD ↗ CVE.org ↗ EPSS Data ↗
vuldb.com: https://vuldb.com/vuln/377843 vuldb.com: https://vuldb.com/vuln/377843/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15514 vuldb.com: https://vuldb.com/submit/848598 ucn9h68n9289.feishu.cn: https://ucn9h68n9289.feishu.cn/docx/SX91dyomSoAeHJxnfygckPQNnLL?from=from_copylink

Credits

🔍 bigbrother_man (VulDB User) VulDB CNA Team