Description
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
Remediation
References
https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr
Related Vulnerabilities
CVE-2022-26850 Vulnerability in maven package org.apache.nifi:nifi-single-user-utils
CVE-2015-8857 Vulnerability in maven package org.webjars.npm:uglify-js
CVE-2020-8570 Vulnerability in maven package io.kubernetes:client-java
CVE-2024-4367 Vulnerability in maven package org.webjars.bowergithub.mozilla:pdfjs-dist
CVE-2016-0706 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core