CVE-2022-46764
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TrueConf | TrueConf Server | 5.2.0.10225 | affected |
| TrueConf | TrueConf Server | 5.2.6.10025 <= * | unaffected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://solidlab.ru/our-news/145-trueconf.html
- https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txt
- https://vuldb.com/?diff.216845
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://solidlab.ru/our-news/145-trueconf.html
- https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txt
- https://vuldb.com/?diff.216845
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.