Security Advisory

CVE-2024-8503

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-10 19:22:40
Last updated 2025-11-04 16:16:05
Assigner KoreLogic
State PUBLISHED

Description

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.