CVE-2024-6118

CRITICAL

Hamastar MeetingHub Paperless Meetings 2021 - Info Disclosure

Title source: llm

Description

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.

References (1)

[Third Party Advisory] https://zuso.ai/advisory/za-2024-03

Scores

CVSS v3 9.1

EPSS 0.0015

EPSS Percentile 34.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-522 CWE-256

Status published

Affected Products (1)

hamastar/meetinghub_paperless_meetings

Timeline

Published Aug 05, 2024

Tracked Since Feb 18, 2026