An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
References
Link | Resource |
---|---|
https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr | Mailing List |
Configurations
History
22 May 2023, 14:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
First Time |
Apache openmeetings
Apache |
|
References | (MISC) https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr - Mailing List | |
CPE | cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:* |
12 May 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-12 08:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-29246
Mitre link : CVE-2023-29246
CVE.ORG link : CVE-2023-29246
JSON object : View
Products Affected
apache
- openmeetings
CWE
CWE-20
Improper Input Validation