Unrated severityNVD Advisory· Published Nov 30, 2007· Updated Apr 23, 2026

CVE-2007-6171

Description

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

Affected products

Digium/Asterisk6 versions
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*range: >=1.4.0,<1.4.15
- cpe:2.3:a:digium:asterisk:c.1.0:beta1:*:*:business:*:*:*
- cpe:2.3:a:digium:asterisk:c.1.0:beta2:*:*:business:*:*:*
- cpe:2.3:a:digium:asterisk:c.1.0:beta3:*:*:business:*:*:*
- cpe:2.3:a:digium:asterisk:c.1.0:beta4:*:*:business:*:*:*
- cpe:2.3:a:digium:asterisk:c.1.0:beta5:*:*:business:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

downloads.digium.com/pub/security/AST-2007-025.htmlnvdPatchVendor Advisory
secunia.com/advisories/27873nvdThird Party Advisory
securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/484387/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/26645nvdThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2007/4055nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/38766nvdThird Party AdvisoryVDB Entry
osvdb.org/38933nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000