SQL Injection vulnerabilities in cdr_addon_mysql
News, October 21st, 2007, 3:22 pm

The cdr_addon_mysql module does not properly escape the source and destination numbers of each call before inserting them into the database. Sending a specially crafted destination phone number to an Asterisk system with the cdr_addon_mysql module loaded therefore makes it possible to create another query. This vulnerability becomes more serious if you use realtime extensions, since the realtime system data may be on the same database that hosts the CDRs.
The bug has been fixed in the latest version of asterisk-addons, so updating is recommended.
More information on the Asterisk site: AST-2007-023
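
The flaw described above next to its hardened form, as an added example that is not code from asterisk-addons: it uses Python's sqlite3 in place of the module's C/MySQL code. The table names, column names and sample numbers are constructed assumptions.

```python
import sqlite3

# Constructed schema: a CDR table and a realtime-style table in the SAME
# database, the layout the post warns about. All names are assumptions.
SCHEMA = """
CREATE TABLE cdr (src TEXT, dst TEXT, duration INTEGER);
CREATE TABLE sip_users (name TEXT, secret TEXT);
INSERT INTO sip_users VALUES ('1001', 'constructed-secret');
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def build_insert_unescaped(src, dst, duration):
    """Flawed pattern: caller-controlled numbers pasted into the SQL text."""
    return ("INSERT INTO cdr (src, dst, duration) "
            f"VALUES ('{src}', '{dst}', {int(duration)})")

def log_cdr_unescaped(conn, src, dst, duration):
    """Return True if the row was written, False if the SQL no longer parsed."""
    try:
        conn.execute(build_insert_unescaped(src, dst, duration))
        return True
    except sqlite3.Error:
        return False

def log_cdr_bound(conn, src, dst, duration):
    """Hardened form: values travel as bound parameters, never as SQL text."""
    conn.execute("INSERT INTO cdr (src, dst, duration) VALUES (?, ?, ?)",
                 (src, dst, int(duration)))
    return True

def demo():
    conn = open_db()
    odd_dst = "555'0100"  # constructed: a lone quote, enough to show the break
    results = {
        "unescaped_ok": log_cdr_unescaped(conn, "1001", odd_dst, 12),
        "bound_ok": log_cdr_bound(conn, "1001", odd_dst, 12),
    }
    results["stored_dst"] = [r[0] for r in conn.execute("SELECT dst FROM cdr")]
    results["realtime_rows"] = conn.execute(
        "SELECT COUNT(*) FROM sip_users").fetchone()[0]
    return results

if __name__ == "__main__":
    print(demo())
```

With the unescaped builder, the quote in the destination ends the string literal early, so the number is parsed as SQL; with bound parameters the same value is stored as plain data and the realtime table is never part of the statement.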

