PT-2012-4819 · Open Source Competency Center · Mymeeting+1

Published

2012-09-11

Updated

2012-09-12

CVE-2012-3572

CVSS v2.0

6.0

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Open Source Competency Center (OSCC) MyMeeting versions 3.0.1 and earlier Open Source Competency Center (OSCC) MyMesyuarat version 09b-1

Description The issue allows remote authenticated users to execute arbitrary PHP code via a crafted document, due to improper verification of uploaded documents.

Recommendations For MyMeeting versions 3.0.1 and earlier, update to a version that properly verifies uploaded documents. For MyMesyuarat version 09b-1, update to a version that properly verifies uploaded documents. As a temporary workaround, consider restricting the upload of documents to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-3572

Affected Products

Mymeeting

Mymesyuarat

PT-2012-4819 · Open Source Competency Center · Mymeeting+1

CVE-2012-3572

Weakness Enumeration

Related Identifiers

Affected Products

References · 3