CVE-2024-38288

HIGH NUCLEI

R-HUB TurboMeeting <8.x - Command Injection

Title source: llm

Description

A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.

Nuclei Templates (1)

TurboMeeting - Post-Authentication Command Injection
HIGHVERIFIEDby rootxharsh,iamnoooob,pdresearch
Shodan: html:"TurboMeeting"

References (2)

Scores

CVSS v3 7.2
EPSS 0.6854
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (1)
rhubcom/turbomeeting < 8.0
Published Jul 25, 2024
Tracked Since Feb 18, 2026