Vulnerability CVE-2024-8503


Published: 2024-09-10

Description:
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
VICIdial 2.14-917a SQL Injection
Jaggar Henry
13.10.2024

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

 References:
https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt
https://www.vicidial.org/vicidial.php

Copyright 2024, cxsecurity.com

 

Back to Top