CVE-2022-46764

critical

Description

A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

References

Advisories
More

https://solidlab.ru/our-news/145-trueconf.html

https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txt

https://vuldb.com/?diff.216845

Details

Source: Mitre, NVD

Published: 2022-12-27

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H