PT-2026-58016 · Apache · Apache Openmeetings+1
Publicado
2026-07-14
·
Atualizado
2026-07-14
·
CVE-2026-49488
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OpenMeetings.
This issue affects Apache OpenMeetings: from 5.0.0 before 9.1.0.
An attacker with moderator rights in any room can read arbitrary files accessible to the OS account running the OM server, including credentials and secrets, via a crafted download request.
Users are recommended to upgrade to version 9.1.0, which fixes the issue.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Openmeetings
Openmeetings