CVE-2007-5488

Publication date 17 October 2007

Last updated 24 July 2024


Ubuntu priority

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

Read the notes from the security team

Status

Package Ubuntu Release Status
asterisk-addons 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release

Notes


jdstrand

exists in Debian, so keep track of it