Vulnerability Details CVE-2024-38288
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.685
EPSS Ranking 98.5%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2024-38288
-
cpe:2.3:a:rhubcom:turbomeeting:-
-
cpe:2.3:a:rhubcom:turbomeeting:3.2
-
cpe:2.3:a:rhubcom:turbomeeting:3.2.1
-
cpe:2.3:a:rhubcom:turbomeeting:3.3
-
cpe:2.3:a:rhubcom:turbomeeting:3.4
-
cpe:2.3:a:rhubcom:turbomeeting:3.4.1
-
cpe:2.3:a:rhubcom:turbomeeting:3.4.2
-
cpe:2.3:a:rhubcom:turbomeeting:4.0
-
cpe:2.3:a:rhubcom:turbomeeting:4.1
-
cpe:2.3:a:rhubcom:turbomeeting:4.2
-
cpe:2.3:a:rhubcom:turbomeeting:4.3
-
cpe:2.3:a:rhubcom:turbomeeting:4.4
-
cpe:2.3:a:rhubcom:turbomeeting:5.0
-
cpe:2.3:a:rhubcom:turbomeeting:5.1
-
cpe:2.3:a:rhubcom:turbomeeting:6.0
-
cpe:2.3:a:rhubcom:turbomeeting:6.1
-
cpe:2.3:a:rhubcom:turbomeeting:7.0.2