Asterisk suffers from a possible remote SQL injection vulnerability. Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to func_odbc which includes backslashes it is possible for func_odbc to construct a broken SQL query and the SQL query to fail. Asterisk Open Source versions 16.x up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected. Certified Asterisk versions 16.x up to but not including 16.8-cert14 are affected.
Support the originator by clicking the read the rest link below.
![Supercon 2023: [Cory Doctorow] with an Audacious Plan to Halt the Internet’s Enshittification and Throw It Into Reverse](upload/news/image_1727978416_96872920.jpg)