【Vulnerability Alert】HamaStar Technology | MeetingHub Paperless Meeting System – Arbitrary File Upload Vulnerability

publish date : 2026-01-26 update date : 2026-01-26

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026012301011313 Publication Time 2026/01/23 13:31
Incident Type ANA-Vulnerability Alert Discovery Time 2026/01/23 13:31
Impact Level Medium  
[Subject]
【Vulnerability Alert】HamaStar Technology | MeetingHub Paperless Meeting System – Arbitrary File Upload Vulnerability
[Content]
Forwarded from TWCERTCC-200-202601-00000021

【HamaStar Technology | MeetingHub Paperless Meeting System – Arbitrary File Upload】 (CVE-2026-1331, CVSS: 9.8) An Arbitrary File Upload vulnerability exists in the MeetingHub Paperless Meeting system. An unauthenticated remote attacker can upload and execute web shell backdoor programs, thereby executing arbitrary code on the server.

(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
MeetingHub (requires installation of the check-in/check-out module)
[Recommended Actions]
Install patch version 20251210 or later.
[Reference]
https://www.twcert.org.tw/tw/cp-132-10650-a5ee9-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center