CID Superfecta Cache: FREEI-3731 fix is broken


#1

The security fix for CID Superfecta Cache that was pushed last week is broken. On FreePBX 14 it adds cache entries with number = 0 and callerid = :calledid. (You might see different behavior for “number”: mine hasn’t been changed to type VARCHAR yet.) The source for FreePBX 15 has the same errors. Obviously this was never tested before being committed. That’s a huge no-no.

I spent hours yesterday figuring out what is wrong. I’m currently working on a fix.


(TheJames) #2

not upgrading is low risk. The exploit would require a chain of unlikely events.

  1. An attacker knows you are using superfecta
  2. An attacker knows your phone number
  3. An attacker crafts a sql injection in to a caller id string that is actually useful
  4. They know your IP address to access the system

(Kapil Gupta) #3

Hi @bitbanger Please update to the latest superfecta and give try. We have pushed the fix today. thanks.