Rhubcom Turbomeeting vulnerabilities
3 known vulnerabilities affecting rhubcom/turbomeeting.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2024-38289 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 8.0 | 2024-07-25 | CWE-89
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
nvd
CVE-2024-38288 | P2 | HIGH | CVSS 7.2 | PoC | fixed in 8.0 | 2024-07-25 | CWE-77
A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
nvd
CVE-2024-38287 | P2 | CRITICAL | CVSS 9.8 | fixed in 8.0 | 2024-07-25 | CWE-640
The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value.
nvd