Описание
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | |
| edgy | ignored | end of life, was needs-triage |
| feisty | ignored | end of life, was needs-triage |
| gutsy | ignored | end of life, was needs-triage |
| hardy | not-affected | |
| intrepid | not-affected | |
| jaunty | not-affected | |
| karmic | not-affected | |
| upstream | released | 1.4.15 and 1.2.25 |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS2
Связанные уязвимости
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
SQL injection vulnerability in the Call Detail Record Postgres logging ...
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
EPSS
6.5 Medium
CVSS2