SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-30T01:00:00

Updated: 2024-08-07T15:54:26.987Z

Reserved: 2007-11-29T00:00:00

Link: CVE-2007-6170

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2007-11-30T01:46:00.000

Modified: 2018-10-26T14:17:39.037

Link: CVE-2007-6170

cve-icon Redhat

No data.