Vulnerability Description
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trueconf | Server | < 5.2.6 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txtThird Party Advisory
- https://solidlab.ru/our-news/145-trueconf.htmlThird Party Advisory
- https://vuldb.com/?diff.216845
- https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txtThird Party Advisory
- https://solidlab.ru/our-news/145-trueconf.htmlThird Party Advisory
- https://vuldb.com/?diff.216845
FAQ
What is CVE-2022-46764?
CVE-2022-46764 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code ...
How severe is CVE-2022-46764?
CVE-2022-46764 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-46764?
Check the references section above for vendor advisories and patch information. Affected products include: Trueconf Server, Microsoft Windows.