CVE-2022-46763: public_cve_submissions/CVE-2022-46763.txt at main · sldlb/public_cve_submissions
[Suggested description]
An SQL injection issue in a database stored function in TrueConf Server
5.2.0.10225 allows a low-privileged database user to execute arbitrary
SQL commands as the database administrator, resulting in execution of
arbitrary code.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
TrueConf LLC
------------------------------------------
[Affected Product Code Base]
TrueConf Server - v5.2.0.10225
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Attack Vectors]
Database stored function
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Andrey Sitnikov, Sergey Gerasimov, George Noseevich of SolidLab LLC
------------------------------------------
[Reference]
https://trueconf.com
https://trueconf.ru/products/server/changelog.html
https://solidlab.ru/our-news/145-trueconf.html