CVE-2022-46763 - Vulnerability Details - OpenCVE

ReportizFlow

A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Trueconf	Server

Configuration 1 [-]

AND

cpe:2.3:a:trueconf:server:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46763.txt
https://solidlab.ru/our-news/145-trueconf.html
https://vuldb.com/?diff.216851

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-27T00:00:00

Updated: 2024-08-03T14:39:38.663Z

Reserved: 2022-12-07T00:00:00

Link: CVE-2022-46763

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-27T01:15:10.993

Modified: 2024-11-21T07:31:01.117

Link: CVE-2022-46763

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trueconf:server:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF17729B-4DE3-41D1-B682-07C6DF1847CF", "versionEndExcluding": "5.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code."}, {"lang": "es", "value": "Un problema de inyecci\u00f3n SQL en una funci\u00f3n almacenada de base de datos en TrueConf Server 5.2.0.10225 permite a un usuario de base de datos con pocos privilegios ejecutar comandos SQL arbitrarios como administrador de la base de datos, lo que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2022-46763", "lastModified": "2024-11-21T07:31:01.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-12-27T01:15:10.993", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46763.txt"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://solidlab.ru/our-news/145-trueconf.html"}, {"source": "[email protected]", "url": "https://vuldb.com/?diff.216851"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46763.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://solidlab.ru/our-news/145-trueconf.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://vuldb.com/?diff.216851"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}