cbcvebase.
CVE-2007-6170
published 2007-11-30


Priority: P433
CVSS 2.0: 6.5 (medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 2.81% (84.7th percentile)

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.4.15~dfsg-1 (bullseye) | asterisk 1:1.4.15~dfsg-1 (bullseye) |
| debian | debian_linux | | |
| debian | debian_linux | | |
| digium | asterisk | | |
| digium | asterisk | >= 0 < 1:1.4.15~dfsg-1 | 1:1.4.15~dfsg-1 |
| digium | asterisk | >= 1.2.0 < 1.2.25 | 1.2.25 |
| digium | asterisk | >= 1.4.0 < 1.4.15 | 1.4.15 |
| digium | asterisk | >= b.2.3.0 < b.2.3.4 | b.2.3.4 |

CVSS provenance

nvd: v2.0, 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
osv: 6.5 MEDIUM
vendor_debian: 6.5 MEDIUM