Remote Code Execution via SQL Injection in TrueConf Server 5.2.0.10225

Remote Code Execution via SQL Injection in TrueConf Server 5.2.0.10225

CVE-2022-46764 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.