cbcvebase.
CVE-2007-6171
published 2007-11-30

CVE-2007-6171: SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote…

PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.66%
83.8th percentile
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

Affected

4 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:1.4.15~dfsg-1 (bullseye)asterisk 1:1.4.15~dfsg-1 (bullseye)
digiumasterisk
digiumasterisk>= 0 < 1:1.4.15~dfsg-11:1.4.15~dfsg-1
digiumasterisk>= 1.4.0 < 1.4.151.4.15

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.