CVE-2023-29246

CVE-2023-29246: Apache OpenMeetings: allows null-byte Injection

Vendor Apache Software Foundation

Product Apache OpenMeetings

Weakness CWE-20 · Input validation

Published May 12, 2023

Last update October 10, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

Key dates

Disclosure timeline

May 12, 2023 CVE published

October 10, 2024 Record updated