CVE-2018-4056

CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.

Source: CVE-2018-4056

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다