CVE-2026-6629

HIGH 7.3

Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-89 CWE-74
Vendor	metasoft 美特软件
Product	metacrm
Published	Apr 20, 2026

Stay Ahead of the Next One

Get instant alerts for metasoft 美特软件 metacrm

Be the first to know when new high vulnerabilities affecting metasoft 美特软件 metacrm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Metasoft 美特软件 / MetaCRM

6.0 6.1 6.2 6.3 6.4.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/358263 vuldb.com: https://vuldb.com/vuln/358263/cti vuldb.com: https://vuldb.com/submit/792615 my.feishu.cn: https://my.feishu.cn/docx/JttndUaPLoR88HxI1alcz1uencf?from=from_copylink

Credits

🔍 0menc (VulDB User) VulDB CNA Team