ГлавнаяУязвимости → CVE-2024-8503
9.8критическая

CVE-2024-8503

Описание

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://korelogic.com/Resources/Advisories/KL-001-2024-011.txthttps://www.vicidial.org/vicidial.phphttp://seclists.org/fulldisclosure/2024/Sep/25http://seclists.org/fulldisclosure/2024/Sep/26