CVE-2016-0784

MEDIUM

Apache OpenMeetings <3.1.1 - Path Traversal

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0784. PoCs published by Andreas Lindh.

AI-analyzed exploit summary: The writeup describes a path traversal vulnerability in Apache OpenMeetings' Import/Export System Backups functionality, allowing arbitrary file write via specially crafted ZIP archives. This could lead to remote code execution by overwriting executable files.

Description

Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.

Exploits (1)

exploitdb WRITEUP
by Andreas Lindh · text · webapps · linux
https://www.exploit-db.com/exploits/39642

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache OpenMeetings 1.9.x - 3.1.0
Auth required
Prerequisites: Access to OpenMeetings Administration menu · Ability to upload ZIP archives
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Vendor Advisory x_refsource_confirm
https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39642/
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/03/25/2
Patch, Vendor Advisory x_refsource_confirm
http://openmeetings.apache.org/security.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537929/100/0/threaded

Scores

CVSS v3 6.5
EPSS 0.5631
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-22
Status published
Products (2)
apache/openmeetings < 3.1.0
org.apache.openmeetings/openmeetings-install 1.9.0 - 3.1.1 (Maven)
Published Apr 11, 2016
Tracked Since Feb 18, 2026