CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Information

Published : 2007-11-29 17:46

Updated : 2018-10-26 07:17


NVD link : CVE-2007-6170

Mitre link : CVE-2007-6170


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

digium

  • asterisk