Sql injection

2007-11-3001:46:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.5%

JSON

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

CPENameOperatorVersion
debian_linuxeq3.1
debian_linuxeq4.0
asteriskge1.2.0
asterisklt1.2.25
asteriskge1.4.0
asterisklt1.4.15
asteriskeq>= b.2.3.0 AND < b.2.3.4
asteriskeqc.1.0 beta1
asteriskeqc.1.0 beta2
asteriskeqc.1.0 beta3

Name	Operator	Version
debian_linux	eq	3.1
debian_linux	eq	4.0
asterisk	ge	1.2.0
asterisk	lt	1.2.25
asterisk	ge	1.4.0
asterisk	lt	1.4.15
asterisk	eq	>= b.2.3.0 AND < b.2.3.4
asterisk	eq	c.1.0 beta1
asterisk	eq	c.1.0 beta2
asterisk	eq	c.1.0 beta3