Critical severity9.8NVD Advisory· Published Jul 25, 2024· Updated Jun 17, 2026
CVE-2024-38289
CVE-2024-38289
Description
A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=8.x
Patches
Vulnerability mechanics
References
2- github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42vnvdExploitThird Party Advisory
- www.rhubcom.com/v5/manuals.htmlnvdProduct
News mentions
0No linked articles in our index yet.