{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/metacrm-up-to-6.4.0-beta06/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-15514"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MetaCRM up to 6.4.0 Beta06"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-vulnerability","crm","remote-code-execution"],"_cs_type":"advisory","_cs_vendors":["Metasoft 美特软件"],"content_html":"\u003cp\u003eA high-severity SQL injection vulnerability, tracked as CVE-2026-15514, has been identified in Metasoft MetaCRM software, affecting versions up to 6.4.0 Beta06. This weakness resides within the \u003ccode\u003eRPCService.query\u003c/code\u003e function of the \u003ccode\u003e/customizemt/xkq/rpc.jsp\u003c/code\u003e component, which is part of the PHPRPC Remote Call Interface. Attackers can remotely exploit this flaw by manipulating the \u003ccode\u003ephprpc_args\u003c/code\u003e argument, injecting malicious SQL queries. This can lead to unauthorized access, modification, or exfiltration of sensitive data from the underlying database. A public exploit for this vulnerability is available, increasing the immediate risk of attacks. The vendor, Metasoft 美特软件, was notified of this vulnerability but has not yet responded to the disclosure. Organizations using affected MetaCRM versions are at significant risk of data breaches and system compromise if this vulnerability remains unpatched.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Metasoft MetaCRM instance exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a specially malformed \u003ccode\u003ephprpc_args\u003c/code\u003e parameter containing SQL injection payload.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP POST request to the \u003ccode\u003e/customizemt/xkq/rpc.jsp\u003c/code\u003e endpoint on the vulnerable server, including the malicious \u003ccode\u003ephprpc_args\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe server's \u003ccode\u003eRPCService.query\u003c/code\u003e function within the \u003ccode\u003ePHPRPC Remote Call Interface\u003c/code\u003e processes the request without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL commands are executed by the backend database, leading to unauthorized data access or manipulation.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to sensitive database information, potentially leading to data exfiltration or further system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15514 can result in significant data compromise. Attackers can gain unauthorized read and write access to the MetaCRM database, potentially exfiltrating sensitive customer information, financial data, or internal business records. Manipulation of database content could lead to data integrity issues, service disruption, or even administrative account compromise if credentials are stored insecurely. The widespread use of MetaCRM in various sectors means that a successful attack could impact numerous organizations, resulting in financial losses, reputational damage, and regulatory penalties. The public availability of an exploit significantly escalates the threat level, making immediate action crucial for all affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect exploitation attempts against CVE-2026-15514.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs (\u003ccode\u003ecategory: webserver\u003c/code\u003e) for suspicious POST requests to \u003ccode\u003e/customizemt/xkq/rpc.jsp\u003c/code\u003e containing SQL injection patterns in the query string.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates from Metasoft 美特软件 addressing CVE-2026-15514 as soon as they are released. In the absence of an official patch, consider implementing a Web Application Firewall (WAF) to filter malicious input to the \u003ccode\u003e/customizemt/xkq/rpc.jsp\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T00:18:09Z","date_published":"2026-07-13T00:18:09Z","id":"https://feed.craftedsignal.io/briefs/2026-07-metacrm-sqli/","summary":"A critical SQL injection vulnerability (CVE-2026-15514) in Metasoft MetaCRM up to version 6.4.0 Beta06 allows remote attackers to exploit the RPCService.query function via the phprpc_args argument in /customizemt/xkq/rpc.jsp, leading to unauthorized database access and manipulation, with a public exploit available.","title":"Metasoft MetaCRM SQL Injection Vulnerability (CVE-2026-15514)","url":"https://feed.craftedsignal.io/briefs/2026-07-metacrm-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed - MetaCRM Up to 6.4.0 Beta06","version":"https://jsonfeed.org/version/1.1"}