CallLogDAO in SIP Plugin enables SQL Injection

Description

CallLogDAO in the SIP Plugin uses prepared statements but still inserts SQL query values into the initialization string.

The values MUST be inserted into the prepared statement via the PreparedStatement instance to prevent SQL injection.
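The two patterns side by side, as an added example (not code from the SIP plugin or from this issue): the table `callLog`, the column `username`, the method names and the recording stand-in for a JDBC driver are assumptions made for illustration, and the input value is constructed.

```java
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class CallLogQueryDemo {
    // Everything the stand-in "driver" received: SQL text and bound parameters.
    static final List<String> seen = new ArrayList<>();

    // Recording stand-in for a JDBC driver, built with dynamic proxies (JDK only).
    static Connection recordingConnection() {
        return (Connection) Proxy.newProxyInstance(Connection.class.getClassLoader(),
            new Class<?>[] {Connection.class}, (p, m, a) -> {
                if (!m.getName().equals("prepareStatement")) return null;
                seen.add("SQL: " + a[0]);
                return Proxy.newProxyInstance(PreparedStatement.class.getClassLoader(),
                    new Class<?>[] {PreparedStatement.class}, (ps, pm, pa) -> {
                        if (pm.getName().equals("setString")) seen.add("PARAM " + pa[0] + ": " + pa[1]);
                        return null;
                    });
            });
    }

    // Pattern described in the issue: a PreparedStatement is used, but the value
    // is concatenated into the string handed to prepareStatement().
    static void findByUserConcatenated(Connection con, String username) throws SQLException {
        String sql = "SELECT * FROM callLog WHERE username = '" + username + "'";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.executeQuery();
        }
    }

    // Fix: constant SQL text with a placeholder; the value is bound via setString().
    static void findByUserBound(Connection con, String username) throws SQLException {
        String sql = "SELECT * FROM callLog WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.executeQuery();
        }
    }

    public static void main(String[] args) throws SQLException {
        String input = "x' OR '1'='1"; // constructed test value
        Connection con = recordingConnection();
        findByUserConcatenated(con, input);
        findByUserBound(con, input);
        seen.forEach(System.out::println);
    }
}
```

Run it with `java CallLogQueryDemo.java`: in the first recorded statement the input is part of the SQL text itself, while in the second the SQL text is constant and the input appears only as a bound parameter.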

Environment

All

Activity

Guus der Kinderen 
November 12, 2008 at 3:41 PM

I've linked the other JIRA issues that relate to the same security advisory to this JIRA issue.

Guus der Kinderen 
November 10, 2008 at 8:17 PM

This should fix problem #2 as described in http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

Fixed

Details

Time tracking

No time logged; 4h remaining

Created November 10, 2008 at 8:00 PM
Updated November 14, 2008 at 2:35 PM
Resolved November 14, 2008 at 2:35 PM