CVE-2007-5488

Publication date 17 October 2007

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Description

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

Read the notes from the security team

Status

Package Ubuntu Release Status
asterisk-addons 7.10 gutsy Not in release
7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release

Notes

jdstrand

exists in Debian, so keep track of it

References

Other references

Access our resources on patching vulnerabilities