asterisk-addons

2007-10-25

Page content

Author: voroskoi
Vulnerable: 1.4.2-1
Unaffected: 1.4.4-1sayshell1

A vulnerability has been reported in Asterisk-Addons, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the source and destination numbers are not properly sanitised in the “cdr_addon_mysql” module before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Bug Tracker URL: http://bugs.frugalware.org/task/2506

CVEs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5488