CVE-2022-46764

Summary

A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

Affected Software

VendorProductVersion RangeStatus
TrueConfTrueConf Server5.2.0.10225affected
TrueConfTrueConf Server5.2.6.10025 <= *unaffected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References