AI Score
Confidence
Low
EPSS
Percentile
65.6%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
[
{
"cpes": [
"cpe:2.3:a:vicidial:vicidial:2.14-917a:*:*:*:*:*:*:*"
],
"vendor": "vicidial",
"product": "vicidial",
"versions": [
{
"status": "affected",
"version": "2.14-917a"
}
],
"defaultStatus": "unknown"
}
]