go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

[TVN-201907001] A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)

Date:
Font-stze:
  • Department:TWCERT/CC
  • Update:2019-12-04
  • Count Views:698

Title

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)

Public date

2019/10/17

Affected products

TOPMeeting before version 8.8 (2019/08/19)

Description

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password.

CVE ID

CVE-2019-13409

Solution

Update to the latest version

Credit

Jian-Xun Lee

Top