TROYANOSYVIRUS
Voltar para CVEs

CVE-2022-46764

CRITICAL
9.8

Descricao

A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

Detalhes CVE

Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/27/2022
Ultima modificacao2/27/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

microsoft:windowstrueconf:server

Fraquezas (CWE)

CWE-89CWE-89CWE-89

Referencias

https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txt(cve@mitre.org)
https://solidlab.ru/our-news/145-trueconf.html(cve@mitre.org)
https://vuldb.com/?diff.216845(cve@mitre.org)
https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txt(af854a3a-2127-422b-91ae-364da2661108)
https://solidlab.ru/our-news/145-trueconf.html(af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?diff.216845(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.