'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339271)

Rule General Information
Release Date: 2025-07-22
Rule Name: MetaCRM sendsms.jsp Arbitrary File Upload Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: MetaCRM is an intelligent platform-based CRM software. By enhancing enterprise management and collaborative office work, it comprehensively improves the management level and operational efficiency of enterprises, helping them achieve outstanding management. The sendsms.jsp interface of Meite CRM has a vulnerability in arbitrary file upload. Attackers can upload any type of file to the server without strict identity verification, including executable malicious scripts. Once this vulnerability is exploited, attackers may deploy backdoors, Webshells and other malicious programs on the server, thereby achieving remote code execution, server control, and even further stealing sensitive data or disrupting the normal operation of business systems.
Impact: Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.