cbcvebase.

Hamastar Meetinghub Paperless Meetings vulnerabilities

5 known vulnerabilities affecting hamastar/meetinghub_paperless_meetings.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2026-1331P2CRITICALCVSS 9.8fixed in 2025-12-102026-01-22
CVE-2026-1331 [CRITICAL] CWE-434 CVE-2026-1331: MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing una MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
nvd
CVE-2024-6117P2HIGHCVSS 8.8v20212024-08-05
CVE-2024-6117 [HIGH] CWE-434 CVE-2024-6117: A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Ha A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.
nvd
CVE-2024-6118P3CRITICALCVSS 9.1v20212024-08-05
CVE-2024-6118 [CRITICAL] CWE-256 CVE-2024-6118: A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperle A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
nvd
CVE-2026-1330P3HIGHCVSS 7.5fixed in 2025-12-102026-01-22
CVE-2026-1330 [HIGH] CWE-36 CVE-2026-1330: MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unaut MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
nvd
CVE-2026-1332P3MEDIUMCVSS 5.3fixed in 2025-12-102026-01-22
CVE-2026-1332 [MEDIUM] CWE-306 CVE-2026-1332: MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing una MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.
nvd