CVE-2022-46764
CRITICAL WAF: High
CVSS 9.8
Published: 2022-12-27
CWE-89 CWE-89 CWE-89
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| trueconf | server | up to 5.2.6 |
References
- github.com (Third Party Advisory)
- solidlab.ru (Third Party Advisory)
- vuldb.com