VDB
CVE-2007-6170
CVE-2007-6170
PUBLISHED
CVSS 6.5 MEDIUM
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
EPSS 0.37% · 59.0th percentile
Risk Scores
CVSS 2.0
6.5
EPSS Score
0.37%
59.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| digium | asterisk | *, 1.2.0, 1.4.0 |
| n/a | n/a | n/a |
| debian | debian_linux | 3.1, 4.0 |
Timeline
- Nov 30, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 29782 third-party-advisory
- GLSA-200804-13 vendor-advisory
- 29242 third-party-advisory
- 27892 third-party-advisory
- 20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql mailing-list
- http://downloads.digium.com/pub/security/AST-2007-026.html url
- SUSE-SR:2008:005 vendor-advisory
- 1019020 vdb
- 26647 vdb
- DSA-1417 vendor-advisory
- 27827 third-party-advisory
- asterisk-cdrpqsql-sql-injection(38765) vdb
- ADV-2007-4056 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2007-6170 advisory