CVE-2022-46764: public_cve_submissions/CVE-2022-46764.txt at main · sldlb/public_cve_submissions
[Suggested description]
An SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote
unauthenticated attackers to execute arbitrary SQL commands, ultimately
leading to remote code execution.
------------------------------------------
[Vulnerability Type]
SQL Injection
------------------------------------------
[Vendor of Product]
TrueConf LLC
------------------------------------------
[Affected Product Code Base]
TrueConf Server - v5.2.0.10225
------------------------------------------
[Affected Component]
Web API
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Andrey Sitnikov, Sergey Gerasimov, George Noseevich of SolidLab LLC
------------------------------------------
[Reference]
https://trueconf.com
https://trueconf.ru/products/server/changelog.html
https://solidlab.ru/our-news/145-trueconf.html