Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons prior to 1.2.8, and 1.4.x prior to 1.4.4, allow remote malicious users to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
asterisk asterisk-addons |