PT-2024-27927 · R Hub · R-Hub Turbomeeting

0Xc0Ffeee · Published 2024-07-25 · Updated 2024-09-09 · CVE-2024-38289

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: R-HUB TurboMeeting versions through 8.x
Description: A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint allows unauthenticated remote attackers to extract hashed passwords from the database and authenticate to the application via crafted SQL input.
Recommendations: For R-HUB TurboMeeting versions through 8.x, consider restricting access to the Virtual Meeting Password endpoint until a patch is available. As a temporary workaround, avoid using crafted SQL input in the VMP endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-38289
GHSA-VX5J-8PGX-V42V

Affected Products

R-Hub Turbomeeting