An issue exists in Asterisk up to and including 19.x and Certified Asterisk up to and including 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
digium certified asterisk 16.8 |
||
digium asterisk |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |