CVE-2016-0784
MEDIUM6.5EPSS 6.1%Apache OpenMeetings Directory Traversal vulnerability
Published: 5/14/2022Modified: 4/14/2025
Description
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
Affected packages (1)
- Maven/org.apache.openmeetings:openmeetings-install>= 1.9.0, < 3.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-0784
- PATCHhttps://github.com/apache/openmeetings
- WEBhttp://openmeetings.apache.org/security.html
- WEBhttps://github.com/apache/openmeetings/commit/fbab8891d96f3352c37f1be303d9c9a685aa6847
- WEBhttps://web.archive.org/web/20160330085718/http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code
- WEBhttps://web.archive.org/web/20160617190447/https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG
- WEBhttps://web.archive.org/web/20201209041006/http://www.securityfocus.com/archive/1/537929/100/0/threaded
- WEBhttps://web.archive.org/web/20201221104133/http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html
- WEBhttps://www.exploit-db.com/exploits/39642
- WEBhttp://www.openwall.com/lists/oss-security/2016/03/25/2