11 matches found
Exploit for CVE-2024-8503
vicidial-cve-2024-8503-blind-sqli-p...
VulnCheck KEV: CVE-2024-8503
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database...
VICIdial Authenticated Remote Code Execution
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Module Options msf use...
VICIdial Authenticated Remote Code Execution Exploit
metasploit.com This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent"...
VICIdial Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent" can execute...
Vicidial SQL Injection Time-based Admin Credentials Enumeration
This module exploits a time-based SQL injection vulnerability in VICIdial, allowing attackers to dump admin credentials usernames and passwords via SQL injection. Module Options msf use auxiliary/scanner/http/vicidialsqlenumuserspass msf auxiliaryvicidialsqlenumuserspass show actions ...actions...
Exploit for CVE-2024-8504
⚡️ Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE ⚡️...
VICIdial 2.14-917a SQL Injection Vulnerability
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database. Title: VICIdial Unauthenticated SQL Injection Publication URL:...
CVE-2024-8503
creationtimestamp| type| source ---|---|--- 2024-09-10 22:37:05+00:00| seen| https://t.me/cvedetector/5298 2024-09-10 22:37:06+00:00| seen| https://t.me/cvedetector/5299 2024-09-14 06:31:55+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8527 2024-09-15 08:46:36+00:00| seen|...
CVE-2024-8503
CVE-2024-8503 (SQL Injection) in VICIdial: an unauthenticated attacker can trigger a time-based SQL injection to enumerate database records and expose plaintext credentials stored in VICIdial. Connected documents corroborate a critical impact (C<H/I<H/A
VICIdial Unauthenticated SQL Injection
Vulnerability Details Affected Vendor: VICIdial Affected Product: VICIdial Affected Version: 2.14-917a Platform: GNU/Linux CWE Classification: CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' CVE ID: CVE-2024-8503 2. Vulnerability Description An...