cve/2016/CVE-2016-2164.md

### [CVE-2016-2164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2164)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

### POC

#### Reference
- http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2016-2164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2164)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html`

			`#### Github`
			`No PoCs found on GitHub currently.`