CVE-2024-8503

Published Sep 10, 2024

Last updated 2 months ago

CVSS critical 9.8

Overview

Description
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
Source
bbf0bd87-ece2-41be-b873-96928ee8fab9
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

bbf0bd87-ece2-41be-b873-96928ee8fab9
CWE-89

Social media

Hype score
Not currently trending

  1. Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE #Exploit #CVE-2024-8504 #SQLi #RCE #Vulnerabilities https://t.co/y5GuVkKBZW

    @reverseame

    21 Oct 2024

    3870 Impressions

    19 Retweets

    64 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

References