Lucene search
KoreLogicCVELIST:CVE-2024-8503HistorySep 10, 2024 - 7:22 p.m.
CVE-2024-8503 VICIdial Unauthenticated SQL Injection
2024-09-1019:22:40
CWE-89
KoreLogic
www.cve.org
4
vicidial
sql injection
unauthenticated
EPSS
0.003
Percentile
65.6%
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "VICIdial",
"vendor": "VICIdial",
"versions": [
{
"status": "affected",
"version": "2.14-917a"
}
]
}
]Related
packetstorm
packetstorm
VICIdial 2.14-917a SQL Injection
2024-09-11 00:00:00
VICIdial 2.14-917a Remote Code Execution
2024-09-11 00:00:00
cve
cve
CVE-2024-8503
2024-09-10 20:15:05
CVE-2024-8504
2024-09-10 20:15:05
nvd
nvd
CVE-2024-8503
2024-09-10 20:15:05
CVE-2024-8504
2024-09-10 20:15:05
vulnrichment
vulnrichment
CVE-2024-8503 VICIdial Unauthenticated SQL Injection
2024-09-10 19:22:40
CVE-2024-8504 VICIdial Authenticated Remote Code Execution
2024-09-10 19:23:39
korelogic
korelogic
VICIdial Unauthenticated SQL Injection
2024-09-10 00:00:00
VICIdial Authenticated Remote Code Execution
2024-09-10 00:00:00
zdt
zdt
VICIdial 2.14-917a SQL Injection Vulnerability
2024-09-11 00:00:00
VICIdial 2.14-917a Remote Code Execution Vulnerability
2024-09-11 00:00:00
metasploit
metasploit
Vicidial SQL Injection Time-based Admin Credentials Enumeration
2024-09-11 00:25:31
githubexploit
githubexploit
Exploit for CVE-2024-8504
2024-09-14 06:27:11
cvelist
cvelist
CVE-2024-8504 VICIdial Authenticated Remote Code Execution
2024-09-10 19:23:39
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 09/27/2024
2024-09-27 19:21:52