Rhubcom: >> Turbomeeting Security Vulnerabilities
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
CVSS Score
9.8
EPSS Score
0.862
Published
2024-07-25
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-07-25
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
CVSS Score
7.2
EPSS Score
0.327
Published
2024-07-25