
Leandro Dardini

#25128 of 53,635
9.8 Total CVSS
Vulnerabilities · 1
PT-2022-17984
9.8
2020-07-06
Sangoma · Asterisk · CVE-2022-26651
**Name of the Vulnerable Software and Affected Versions**

- Asterisk versions prior to 16.25.2
- Asterisk versions prior to 18.11.2
- Asterisk versions prior to 19.3.2
- Certified Asterisk versions prior to 16.8-cert14

**Description**

An issue was discovered in the func_odbc module, which provides possibly inadequate escaping functionality for backslash characters in SQL queries. This could result in user-provided data creating a broken SQL query or possibly a SQL injection.

**Recommendations**

- For Asterisk versions prior to 16.25.2, update to version 16.25.2 or later.
- For Asterisk versions prior to 18.11.2, update to version 18.11.2 or later.
- For Asterisk versions prior to 19.3.2, update to version 19.3.2 or later.
- For Certified Asterisk versions prior to 16.8-cert14, update to version 16.8-cert14 or later.

As a temporary workaround, consider disabling the func_odbc module until a patch is available.