CVE-2024-8503

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt