Sql injection

2022-04-1505:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.8%

JSON

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
asteriskge18.0
asterisklt18.11.2
asteriskge19.0.0
asterisklt19.3.2
asteriskge16.0.0
asterisklt16.25.2
certified_asteriskeq16.8
certified_asteriskeq16.8

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
asterisk	ge	18.0
asterisk	lt	18.11.2
asterisk	ge	19.0.0
asterisk	lt	19.3.2
asterisk	ge	16.0.0
asterisk	lt	16.25.2
certified_asterisk	eq	16.8
certified_asterisk	eq	16.8