Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Asterisk cdr_addon_mysql插件SQL注入漏洞
Vulnerability Description
Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk的cdr_addon_mysql模块实现上存在输入验证漏洞,远程攻击者可能利用此漏洞非授权操作数据库。 Asterisk的cdr_addon_mysql模块在插入记录时没有正确地转义指定呼叫的源和目标号码,发送给运行了该模块的Asterisk系统特制的目标号码可能导致SQL注入攻击。如果用户在使用实时数据的话,由于数据可能与插入呼叫记录处于同一数据库中,因此可能会导致各种数据破坏和失效等问题。
CVSS Information
N/A
Vulnerability Type
N/A