Описание
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
Ссылки
- ExploitThird Party Advisory
- Product
- ExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 8.0 (включая)
cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.84253
Высокий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89
EPSS
Процентиль: 99%
0.84253
Высокий
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89