Full title: BigBlueButton 2.2.25 File Disclosure / Server-Side Request Forgery Vulnerabilities 
Category: web applications
Platform: linux
Vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance.

# 0day.today @ http://0day.today/