<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>MetaCRM Up to 6.4.0 Beta06 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/metacrm-up-to-6.4.0-beta06/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 13 Jul 2026 00:18:09 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/metacrm-up-to-6.4.0-beta06/feed.xml" rel="self" type="application/rss+xml"/><item><title>Metasoft MetaCRM SQL Injection Vulnerability (CVE-2026-15514)</title><link>https://feed.craftedsignal.io/briefs/2026-07-metacrm-sqli/</link><pubDate>Mon, 13 Jul 2026 00:18:09 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-metacrm-sqli/</guid><description>A critical SQL injection vulnerability (CVE-2026-15514) in Metasoft MetaCRM up to version 6.4.0 Beta06 allows remote attackers to exploit the RPCService.query function via the phprpc_args argument in /customizemt/xkq/rpc.jsp, leading to unauthorized database access and manipulation, with a public exploit available.</description><content:encoded><![CDATA[<p>A high-severity SQL injection vulnerability, tracked as CVE-2026-15514, has been identified in Metasoft MetaCRM software, affecting versions up to 6.4.0 Beta06. This weakness resides within the <code>RPCService.query</code> function of the <code>/customizemt/xkq/rpc.jsp</code> component, which is part of the PHPRPC Remote Call Interface. Attackers can remotely exploit this flaw by manipulating the <code>phprpc_args</code> argument, injecting malicious SQL queries. This can lead to unauthorized access, modification, or exfiltration of sensitive data from the underlying database. A public exploit for this vulnerability is available, increasing the immediate risk of attacks. The vendor, Metasoft 美特软件, was notified of this vulnerability but has not yet responded to the disclosure. Organizations using affected MetaCRM versions are at significant risk of data breaches and system compromise if this vulnerability remains unpatched.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a vulnerable Metasoft MetaCRM instance exposed to the internet.</li>
<li>The attacker crafts a specially malformed <code>phprpc_args</code> parameter containing SQL injection payload.</li>
<li>The attacker sends an HTTP POST request to the <code>/customizemt/xkq/rpc.jsp</code> endpoint on the vulnerable server, including the malicious <code>phprpc_args</code> parameter.</li>
<li>The server's <code>RPCService.query</code> function within the <code>PHPRPC Remote Call Interface</code> processes the request without proper sanitization.</li>
<li>The injected SQL commands are executed by the backend database, leading to unauthorized data access or manipulation.</li>
<li>The attacker gains access to sensitive database information, potentially leading to data exfiltration or further system compromise.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-15514 can result in significant data compromise. Attackers can gain unauthorized read and write access to the MetaCRM database, potentially exfiltrating sensitive customer information, financial data, or internal business records. Manipulation of database content could lead to data integrity issues, service disruption, or even administrative account compromise if credentials are stored insecurely. The widespread use of MetaCRM in various sectors means that a successful attack could impact numerous organizations, resulting in financial losses, reputational damage, and regulatory penalties. The public availability of an exploit significantly escalates the threat level, making immediate action crucial for all affected organizations.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Deploy the Sigma rule provided in this brief to your SIEM to detect exploitation attempts against CVE-2026-15514.</li>
<li>Monitor web server logs (<code>category: webserver</code>) for suspicious POST requests to <code>/customizemt/xkq/rpc.jsp</code> containing SQL injection patterns in the query string.</li>
<li>Apply any available patches or updates from Metasoft 美特软件 addressing CVE-2026-15514 as soon as they are released. In the absence of an official patch, consider implementing a Web Application Firewall (WAF) to filter malicious input to the <code>/customizemt/xkq/rpc.jsp</code> endpoint.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>sql-injection</category><category>web-vulnerability</category><category>crm</category><category>remote-code-execution</category></item></channel></rss>