Meetinghub Paperless Meetings
CVE-2026-1331
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
AnalysisAI
HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web shells and achieve full server compromise.
Technical ContextAI
MeetingHub by HAMASTAR Technology has a CWE-434 unrestricted file upload vulnerability that allows unauthenticated attackers to upload executable files to the web server without any file type validation.
RemediationAI
Apply patches. Implement file type validation. Store uploads outside the web root.
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 all
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Pa
MeetingHub Paperless Meetings contains an arbitrary file read vulnerability that enables unauthenticated remote attacker
Meetinghub Paperless Meetings is affected by missing authentication for critical function (CVSS 5.3).
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today