CVE-2007-5488
Asterisk-addons < 1.2.7 - SQL Injection
Title source: ruleDescription
Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Humberto J. Abdelnur · perlremotelinux
https://www.exploit-db.com/exploits/30677
References (7)
Scores
EPSS
0.0089
EPSS Percentile
75.6%
Details
CWE
CWE-89
Status
published
Products (1)
asterisk/asterisk-addons
< 1.2.7
Published
Oct 17, 2007
Tracked Since
Feb 18, 2026