Asterisk cdr_addon_mysql SQL injection
Published:		18.10.2007
Source:		BUGTRAQ
SecurityVulns ID:		8271
Type:		remote
Level:		5/10
Description:		SQL injection with destination number.

Affected:		ASTERISK : Asterisk 1.2
		ASTERISK : Asterisk 1.4
		ASTERISK : Asterisk s800i
CVE:		CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.)

Original document

ASTERISK, AST-2007-023 - SQL Injection Vulnerabilty in cdr_addon_mysql (18.10.2007)

Files:		Exploits Asterisk cdr_addon_mysql CSS
Discuss:		Read or add your comments to this news (0 comments)