Critical severity9.8NVD Advisory· Published Sep 10, 2024· Updated Apr 15, 2026

CVE-2024-8503

Description

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2024/Sep/25nvd
seclists.org/fulldisclosure/2024/Sep/26nvd
korelogic.com/Resources/Advisories/KL-001-2024-011.txtnvd
www.vicidial.org/vicidial.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000