Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache OpenMeetings 安全漏洞
Vulnerability Description
Apache OpenMeetings是美国阿帕奇(Apache)软件基金会所研发的一套多语言可定制的视频会议和协作系统,它支持音频、视频并允许用户查看每个与会者的桌面等。 Apache OpenMeetings 3.1.1之前版本的FileService.importFileByInternalUserId和FileService.importFile SOAP API方法中存在安全漏洞,该漏洞源于程序使用Java URL类时没有检查API调用中指定的协议处理器。攻击者可利用该漏洞读取系统中的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A