Vulnerability Details CVE-2024-38289
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.862
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-38289
-
cpe:2.3:a:rhubcom:turbomeeting:-
-
cpe:2.3:a:rhubcom:turbomeeting:3.2
-
cpe:2.3:a:rhubcom:turbomeeting:3.2.1
-
cpe:2.3:a:rhubcom:turbomeeting:3.3
-
cpe:2.3:a:rhubcom:turbomeeting:3.4
-
cpe:2.3:a:rhubcom:turbomeeting:3.4.1
-
cpe:2.3:a:rhubcom:turbomeeting:3.4.2
-
cpe:2.3:a:rhubcom:turbomeeting:4.0
-
cpe:2.3:a:rhubcom:turbomeeting:4.1
-
cpe:2.3:a:rhubcom:turbomeeting:4.2
-
cpe:2.3:a:rhubcom:turbomeeting:4.3
-
cpe:2.3:a:rhubcom:turbomeeting:4.4
-
cpe:2.3:a:rhubcom:turbomeeting:5.0
-
cpe:2.3:a:rhubcom:turbomeeting:5.1
-
cpe:2.3:a:rhubcom:turbomeeting:6.0
-
cpe:2.3:a:rhubcom:turbomeeting:6.1
-
cpe:2.3:a:rhubcom:turbomeeting:7.0.2
-
cpe:2.3:a:rhubcom:turbomeeting:8.0