SQL Injection Vulnerability in Asterisk-Addons by Digium
CVE-2007-5488

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk-addons
Vendor: CVE Published:; 17 October 2007

What is CVE-2007-5488?

A vulnerability exists in the cdr_addon_mysql component of Asterisk-Addons that allows remote attackers to execute arbitrary SQL commands. This exploitation occurs when inserting records, specifically through manipulation of the source and destination numbers, as well as potentially the SIP URI. If attackers succeed, they can gain unauthorized access to sensitive information or manipulate the database.

References

http://osvdb.org/37880

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/37235

vdb-entryx_refsource_XF

http://www.securitytracker.com/id?1018824

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 17, 2007
Vulnerability Reserved
Oct 16, 2007