CallLogDAO in SIP Plugin enables SQL Injection

Description

CallLogDAO in SIP Plugin is using prepared statements,
but is still inserting SQL query values in the initialization string.

The values MUST be inserted in the prepared statement via the PreparedStatement instance to prevent SQL injection.
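
The pattern described above next to its corrected form, as an added example that is not part of the original issue and is not the SIP plugin's code. The class, table and column names are hypothetical, and `main` assumes a scratch database whose JDBC driver is on the classpath, with its URL passed as the first argument.

```java
import java.sql.*;

// Added illustration; table, columns and method names are hypothetical,
// not taken from the SIP plugin's CallLogDAO.
public class CallLogQueryDemo {

    // Flawed pattern: a PreparedStatement is used, but the value is already
    // part of the SQL text, so the database parses it as SQL.
    static int countConcatenated(Connection con, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM demoCallLog WHERE username = '" + username + "'";
        try (PreparedStatement ps = con.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Corrected pattern: the SQL text is constant and the value is bound
    // through the PreparedStatement instance, so it is only ever treated as data.
    static int countBound(Connection con, String username) throws SQLException {
        String sql = "SELECT COUNT(*) FROM demoCallLog WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL of a scratch database (assumption, see lead-in)
        try (Connection con = DriverManager.getConnection(args[0]);
             Statement st = con.createStatement()) {
            st.executeUpdate("CREATE TABLE demoCallLog (username VARCHAR(64), numB VARCHAR(64))");
            st.executeUpdate("INSERT INTO demoCallLog VALUES ('alice', '1001')");
            st.executeUpdate("INSERT INTO demoCallLog VALUES ('bob', '1002')");

            String benign = "alice";
            String quoted = "x' OR '1'='1"; // constructed input containing SQL quote characters

            System.out.println("concatenated, benign: " + countConcatenated(con, benign));
            System.out.println("concatenated, quoted: " + countConcatenated(con, quoted));
            System.out.println("bound, benign:        " + countBound(con, benign));
            System.out.println("bound, quoted:        " + countBound(con, quoted));
        }
    }
}
```

With the concatenated query the quoted input changes the WHERE clause itself, while the bound query only ever compares the whole string against the `username` column.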

Environment

All

Activity

Guus der Kinderen
November 12, 2008, 3:41 PM

I've linked the other JIRA issues that relate to the same security advisory to this JIRA issue.

Guus der Kinderen
November 10, 2008, 8:17 PM

This should fix problem #2 as described in http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

Fixed

Assignee

Thiago Rocha Camargo

Reporter

Thiago Rocha Camargo