TrueConf · TrueConf Server · CVE-2022-46763
**Name of the Vulnerable Software and Affected Versions**
TrueConf Server version 5.2.0.10225
**Description**
A SQL injection issue in a database stored function allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
**Recommendations**
For TrueConf Server version 5.2.0.10225, consider restricting database access to prevent low-privileged users from executing arbitrary SQL commands until a patch is available. As a temporary workaround, limit the privileges of the database user to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.