Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0784Path Traversal in Apache Openmeetings

CWE-22Path Traversal5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
6.1%
top 9.23%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Openmeetings
Timeline
PublishedApr 11
Latest updateMay 14

Description

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

Patches

Patch: openmeetings.apache.orgPatch: openmeetings.apache.org

🔴Vulnerability Details

3
OSV
Apache OpenMeetings Directory Traversal vulnerability2022-05-14
GHSA
Apache OpenMeetings Directory Traversal vulnerability2022-05-14
CVEList
CVE-2016-0784: Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 32016-04-11

💥Exploits & PoCs

1
Exploit-DB
Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal2016-03-31
CVE-2016-0784 — Path Traversal in Apache Openmeetings | cvebase