CVE-2007-5488

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://downloads.digium.com/pub/security/AST-2007-023.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066744.html
http://osvdb.org/37880
http://secunia.com/advisories/27278	Vendor Advisory
http://www.securityfocus.com/bid/26095	Exploit
http://www.securitytracker.com/id?1018824
https://exchange.xforce.ibmcloud.com/vulnerabilities/37235
http://downloads.digium.com/pub/security/AST-2007-023.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066744.html
http://osvdb.org/37880
http://secunia.com/advisories/27278	Vendor Advisory
http://www.securityfocus.com/bid/26095	Exploit
http://www.securitytracker.com/id?1018824
https://exchange.xforce.ibmcloud.com/vulnerabilities/37235

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:asterisk:asterisk-addons::::::::
	cpe:2.3:a:asterisk:asterisk-addons::::::::

History

21 Nov 2024, 00:38

Type	Values Removed	Values Added
References	~~() http://downloads.digium.com/pub/security/AST-2007-023.html -~~	() http://downloads.digium.com/pub/security/AST-2007-023.html -
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066744.html -~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066744.html -
References	~~() http://osvdb.org/37880 -~~	() http://osvdb.org/37880 -
References	~~() http://secunia.com/advisories/27278 - Vendor Advisory~~	() http://secunia.com/advisories/27278 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/26095 - Exploit~~	() http://www.securityfocus.com/bid/26095 - Exploit
References	~~() http://www.securitytracker.com/id?1018824 -~~	() http://www.securitytracker.com/id?1018824 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/37235 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/37235 -

Information

Published : 2007-10-17 23:17

Updated : 2025-04-09 00:30

NVD link : CVE-2007-5488

Mitre link : CVE-2007-5488

CVE.ORG link : CVE-2007-5488

JSON object : View

Products Affected

asterisk

asterisk-addons

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10