Product
A critical SQL injection vulnerability (CVE-2026-15514) in Metasoft MetaCRM up to version 6.4.0 Beta06 allows remote attackers to exploit the RPCService.query function via the phprpc_args argument in /customizemt/xkq/rpc.jsp, leading to unauthorized database access and manipulation, with a public exploit available.