CallLogDAO in SIP Plugin enables SQL Injection
CallLogDAO in SIP Plugin is using prepared Statements.
But still inserting SQL Query values in the initialization String.
The values MUST be inserted in the prepared Statement via PreparedStatement Instance to prevent SQL Injection.
I've linked the other JIRA issues that relate to the same security advisory to this JIRA issue.