CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

seebug.org•added 2008/04/23 12:0 a.m.•55 views

Asterisk CDR_PGSQL SQL注入漏洞

BUGTRAQ ID: 26647 CVECAN ID: CVE-2007-6170 Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 Asterisk在向Call Detail Record Postgres日志引擎（cdrpgsql）提供ANI和DNIS字符串时Asterisk没有正确地转义输入，这允许远程攻击者通过提交恶意SQL查询请求完全入侵包含有用户名和口令的管理数据库。 cdrpgsql不是默认启用的，必须由管理员手动配置，因此默认的Asterisk安装不受影响。 Asterisk Asterisk 1.4.x Asterisk Asterisk 1.2....

6.5CVSS0.8AI score0.00367EPSS

Exploits1

UbuntuCve•added 2007/11/30 1:46 a.m.•25 views

CVE-2007-6170

SQL injection vulnerability in the Call Detail Record Postgres logging engine cdrpgsql in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via 1 ANI and 2 DNIS arguments...

6.5CVSS6.2AI score0.00367EPSS

Exploits1References1