FreePBX admin/cdr/call-comp.php 'dst' Parameter SQLi

high Nessus Plugin ID 49998

Synopsis

The remote web server hosts a web application that is affected by a SQL injection vulnerability.

Description

The version of FreePBX installed on the remote host is affected by a SQL injection vulnerability involving the 'dst' parameter as used in the 'admin/cdr/call-comp.php' script.

An unauthenticated, remote attacker can leverage this issue to launch a SQL injection attack against the affected application, leading to authentication bypass, discovery of sensitive information, attacks against the underlying database, and the like.

Note that it may also be possible to exploit this vulnerability via other parameters, though Nessus has not tested these.

Solution

Apply the patch referenced in changeset 10274. Note that this patch forces the affected scripts to require authentication but does not close the vulnerability.

See Also

https://seclists.org/fulldisclosure/2010/Sep/343

http://code.freepbx.org/changelog/FreePBX_SVN?cs=10274

Plugin Details

Severity: High

ID: 49998

File Name: freepbx_call_comp_sqli.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 10/18/2010

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:freepbx:freepbx

Required KB Items: www/PHP, installed_sw/FreePBX

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/15/2010

Vulnerability Publication Date: 9/21/2010

Reference Information

BID: 43375

SECUNIA: 41558