SQL Injection in Netfortris Trixbox
CVE-2010-0702
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Vulnerability class: SQL Injection
EPSS: 0.005 (67.6th percentile) — read the EPSS interpretation.
Affected products
- Netfortris Trixbox — versions 2.2.4
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- 11508 (Exploit, VDB Entry, Third Party Advisory, exploit, x_refsource_EXPLOIT-DB)
- 38323 (Exploit, VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- trixbox-phonedirectory-sql-injection(56407) (VDB Entry, vdb-entry, x_refsource_XF)