Showing 1 - 1 of 1

CVE-2020-25820

Status Candidate

Overview

BigBlueButton before 2.2.27 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.

Related Files

BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery: Posted Oct 21, 2020; Site redteam-pentesting.de; RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance.; tags | exploit, web, arbitrary; advisories | CVE-2020-25820; MD5 | 1a72d1032c8f0f83c5469fbb6b44e8de; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 111 files
Ubuntu 60 files
malvuln 57 files
Google Security Research 12 files
Gentoo 10 files
Apple 9 files
Erik David Martin 9 files
LiquidWorm 6 files
0xB9 4 files
Tim Willis 4 files

File Archives

Systems

AIX (421)
Apple (1,774)
BSD (368)
Cisco (1,902)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,040)
HPUX (873)
iOS (284)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,460)
Mac OS X (673)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,691)
Slackware (941)
Solaris (1,598)
SUSE (1,444)
Ubuntu (7,135)
UNIX (8,846)
UnixWare (180)
Windows (5,809)
Other

CVE-2020-25820

Overview

Related Files

File Archive:

February 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems