Search...

CVE-2003-0779

2003-09-22T00:00:00

ID CVE-2003-0779
Type cve
Reporter NVD
Modified 2008-09-10T15:20:25

Description

SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.

JSON Vulners Source

Initial Source

{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0779", "history": [], "references": ["http://www.atstake.com/research/advisories/2003/a091103-1.txt"], "lastseen": "2016-09-03T04:04:06", "bulletinFamily": "NVD", "title": "CVE-2003-0779", "cpe": ["cpe:/a:digium:asterisk:0.1.9.1", "cpe:/a:digium:asterisk:0.1.7", "cpe:/a:digium:asterisk:0.2", "cpe:/a:digium:asterisk:0.4", "cpe:/a:digium:asterisk:0.1.8", "cpe:/a:digium:asterisk:0.1.9", "cpe:/a:digium:asterisk:0.3"], "viewCount": 0, "id": "CVE-2003-0779", "hash": "07bb82bcd1ba36fd9664f54c798de571ff84998ef1558e3d287a5add016c0064", "description": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2003-0779"], "scanner": [], "modified": "2008-09-10T15:20:25", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2003-09-22T00:00:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2016-09-03T04:04:06"}, "vulnersScore": 7.5}}

{"osvdb": [{"lastseen": "2017-04-28T13:19:57", "references": [], "edition": 1, "description": "## Vulnerability Description\nAsterick contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the \"CallerID\" variable in the Call Detail Records (CDR) module is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nUpgrade to version 0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nAsterick contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the \"CallerID\" variable in the Call Detail Records (CDR) module is not verified properly and will allow an attacker to inject or manipulate SQL queries.\n## References:\nVendor URL: http://www.asterisk.org/\n[Secunia Advisory ID:9718](https://secuniaresearch.flexerasoftware.com/advisories/9718/)\nOther Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0102.html\nOther Advisory URL: http://www.atstake.com/research/advisories/2003/a091103-1.txt\nISS X-Force ID: 13172\n[CVE-2003-0779](https://vulners.com/cve/CVE-2003-0779)\nBugtraq ID: 8599\n", "reporter": "OSVDB", "published": "2003-09-13T07:30:55", "type": "osvdb", "title": "Asterisk CallerID SQL Injection ", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Asterisk", "version": "0.1.7", "operator": "eq"}, {"name": "Asterisk", "version": "0.1.9", "operator": "eq"}, {"name": "Asterisk", "version": "0.1.9-1", "operator": "eq"}, {"name": "Asterisk", "version": "0.2", "operator": "eq"}, {"name": "Asterisk", "version": "0.1.8", "operator": "eq"}, {"name": "Asterisk", "version": "0.3", "operator": "eq"}, {"name": "Asterisk", "version": "0.4", "operator": "eq"}], "cvelist": ["CVE-2003-0779"], "modified": "2003-09-13T07:30:55", "href": "https://vulners.com/osvdb/OSVDB:2547", "id": "OSVDB:2547", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}