CVE-2024-8503 Information

Description

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default VICIdial stores plaintext credentials within the database.

Reference

https://korelogic.com/Resources/Advisories/KL-001-2024-011.txt https://www.vicidial.org/vicidial.php