QwikSec

Security Database

CVE

CWE

Training

CVE-2022-26651

Published: Apr 15, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://downloads.asterisk.org/pub/security/

https://downloads.asterisk.org/pub/security/AST-2022-003.html

http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html

[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update

mailing-list

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.