描述
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
AI分析AI驱动
受影响产品
digiumasterisk
digiumasterisk
digiumasterisk
digiumasterisk
c.1.0
digiumasterisk
c.1.0
digiumasterisk
c.1.0
digiumasterisk
c.1.0
digiumasterisk
c.1.0
debiandebian_linux
3.1
debiandebian_linux
4.0
参考资料
- http://downloads.digium.com/pub/security/AST-2007-026.htmlPatchVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlThird Party Advisory
- http://secunia.com/advisories/27827Third Party Advisory
- http://secunia.com/advisories/27892Third Party Advisory
- http://secunia.com/advisories/29242Third Party Advisory
- http://secunia.com/advisories/29782Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200804-13.xmlThird Party Advisory
- http://securitytracker.com/id?1019020Third Party AdvisoryVDB Entry
- http://www.debian.org/security/2007/dsa-1417Third Party Advisory
- http://www.securityfocus.com/archive/1/484388/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/26647Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/4056Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38765Third Party AdvisoryVDB Entry
- http://downloads.digium.com/pub/security/AST-2007-026.htmlPatchVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlThird Party Advisory
- http://secunia.com/advisories/27827Third Party Advisory
- http://secunia.com/advisories/27892Third Party Advisory
- http://secunia.com/advisories/29242Third Party Advisory
- http://secunia.com/advisories/29782Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200804-13.xmlThird Party Advisory