A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
Metrics
Affected Vendors & Products
References
History
Tue, 13 Aug 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rhubcom
Rhubcom turbomeeting |
|
CPEs | cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rhubcom
Rhubcom turbomeeting |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-25T00:00:00
Updated: 2024-08-02T04:04:25.174Z
Reserved: 2024-06-13T00:00:00
Link: CVE-2024-38289
Vulnrichment
Updated: 2024-07-31T13:57:30.345Z
NVD
Status : Analyzed
Published: 2024-07-25T20:15:05.017
Modified: 2024-09-09T13:53:35.767
Link: CVE-2024-38289
Redhat
No data.