CVE-2022-46763
HIGH WAF: High
CVSS 8.8
Published: 2022-12-27
CWE-89 CWE-89 CWE-89
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| trueconf | server | up to 5.2.6 |
References
- github.com (Third Party Advisory)
- solidlab.ru (Third Party Advisory)
- vuldb.com