Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-mg5h-f3q8-c96g: Apache OpenMeetings vulnerable to remote code execution via null-bye injection

An attacker who has gained access to an admin account can perform RCE via null-byte injection

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

ghsa
#apache#git#rce

Apache OpenMeetings vulnerable to remote code execution via null-bye injection

Moderate severity GitHub Reviewed Published May 12, 2023 to the GitHub Advisory Database • Updated May 12, 2023

Related news

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account," Sonar vulnerability

CVE-2023-29246

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0