Search for vulnerabilities
Vulnerability details: VCID-fpdq-3rw2-aaaf
Vulnerability ID VCID-fpdq-3rw2-aaaf
Aliases CVE-2007-6170
Summary SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00229 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00246 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00270 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00369 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00369 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00369 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00369 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00369 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.00778 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.01054 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.01127 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.01127 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
epss 0.01127 https://api.first.org/data/v1/epss?cve=CVE-2007-6170
generic_textual MODERATE http://secunia.com/advisories/29242
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2007-6170
Reference id Reference type URL
http://downloads.digium.com/pub/security/AST-2007-026.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
https://api.first.org/data/v1/epss?cve=CVE-2007-6170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6170
http://secunia.com/advisories/27827
http://secunia.com/advisories/27892
http://secunia.com/advisories/29242
http://secunia.com/advisories/29782
http://security.gentoo.org/glsa/glsa-200804-13.xml
http://securitytracker.com/id?1019020
https://exchange.xforce.ibmcloud.com/vulnerabilities/38765
http://www.debian.org/security/2007/dsa-1417
http://www.securityfocus.com/archive/1/484388/100/0/threaded
http://www.securityfocus.com/bid/26647
http://www.vupen.com/english/advisories/2007/4056
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:*
cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVE-2007-6170 https://nvd.nist.gov/vuln/detail/CVE-2007-6170
GLSA-200804-13 https://security.gentoo.org/glsa/200804-13
No exploits are available.
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-6170
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.42796
EPSS Score 0.00229
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.