Title : Asterisk Postgres Realtime Engine Remote SQL Injection Vulnerability VUPEN ID : VUPEN/ADV-2007-4055 CVE ID : CVE-2007-6171
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-12-03
Technical Description
A vulnerability has been identified in Asterisk, which could be exploited by attackers to execute arbitrary SQL queries. This issue is caused by an input validation error in the Postgres Realtime Engine when processing user-supplied data, which could be exploited by malicious people to conduct SQL injection attacks.
Note : The affected module is disabled by default.
