On Kamailio Search Database Tab, it is possible to Inject malicious SQL instructions.
[ POC ] Table.Column: subscriber.id Comparison: Value: 1’; DELETE from speed_dial; — [ End POC ]
See attached file.
(from redmine: issue id 2103, created on 2013-06-18, closed on 2013-08-05)