VYPR
Unrated severityNVD Advisory· Published Feb 5, 2019· Updated Sep 17, 2024

CVE-2018-4056

CVE-2018-4056

Description

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Coturn/Coturnllm-fuzzy
    Range: <4.5.0.9
  • Talos/coTURNv5
    Range: coTURN 4.5.0.5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.