TurboMeeting 漏洞列表

TurboMeeting是一款视频会议和远程支持服务器软件，提供高效的在线协作功能。TurboMeeting的/as/wapi/vmp接口存在布尔盲注SQL注入漏洞，攻击者可以通过该漏洞执行任意SQL命令，从而访问敏感数据或进一步危害服务器安全。

The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The application failed to properly sanitize user-supplied input before using it in a command executed privileges.

A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.

RHUB TurboMeeting是RHUB公司的一种协作解决方案。提供网络会议、远程支持、音频会议、视频会议、远程访问和网络研讨会支持。RHUB TurboMeeting 8.X之前版本存在命令注入漏洞。此漏洞是由于未充分验证用户输入common_name的数据所导致的。

TurboMeeting是一款视频会议软件，中文名为连通宝，也可以视为一款用于远程会议的电脑办公软件和效率工具，TurboMeeting存在SQL注入漏洞，攻击者可以通过该漏洞获取数据库敏感信息。