CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2022-46764
https://notcve.org/view.php?id=CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. Un problema de inyección SQL en la API web en TrueConf Server 5.2.0.10225 permite a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios, lo que en última instancia conduce a la ejecución remota de código. • https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txt https://solidlab.ru/our-news/145-trueconf.html https://vuldb.com/?diff.216845 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46763
https://notcve.org/view.php?id=CVE-2022-46763
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code. Un problema de inyección SQL en una función almacenada de base de datos en TrueConf Server 5.2.0.10225 permite a un usuario de base de datos con pocos privilegios ejecutar comandos SQL arbitrarios como administrador de la base de datos, lo que resulta en la ejecución de código arbitrario. • https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46763.txt https://solidlab.ru/our-news/145-trueconf.html https://vuldb.com/?diff.216851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-20120 – TrueConf Server cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20120
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.96634 https://www.exploit-db.com/exploits/41184 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20119 – TrueConf Server change-lang redirect
https://notcve.org/view.php?id=CVE-2017-20119
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.96633 https://www.exploit-db.com/exploits/41184 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20118 – TrueConf Server DOM cross site scripting
https://notcve.org/view.php?id=CVE-2017-20118
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. • https://vuldb.com/?id.96632 https://www.exploit-db.com/exploits/41184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •