150 matches found
VICIdial - SQL Injection
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database. id: CVE-2024-8503 info: name: VICIdial - SQL Injection author: s4e-io severity: critical description:...
Exploit for CVE-2024-8503
vicidial-cve-2024-8503-blind-sqli-p...
VICIdial Sensitive Information Disclosure
VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IPs, User-Agents,...
CVE-2013-7382
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access...
EUVD-2009-2230
Malware in sbrugna...
EUVD-2013-7148
Malware in sbrugna...
EUVD-2021-22020
Malware in sbrugna...
EUVD-2021-33233
Malicious code in bioql PyPI...
EUVD-2025-21037
Malicious code in bioql PyPI...
EUVD-2022-37783
Malicious code in bioql PyPI...
Malicious code in vicidial (npm)
The package vicidial was found to contain malicious code...
MAL-2025-38295 Malicious code in vicidial (npm)
The package vicidial was found to contain malicious code...
CVE-2025-34099
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly ...
CVE-2025-34099
Affected software: VICIdial v2.9 RC1–2.13 RC1; component: vicidial_sales_viewer.php. Root cause: when password encryption is enabled (non-default), the HTTP Basic Authentication password is directly passed to exec(), enabling unauthenticated command injection. Impact: arbitrary OS command executi...
CVE-2025-34099 VICIdial vicidial_sales_viewer.php Unauthenticated Command Injection via Basic Auth Password
An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic Authentication password directly ...
PT-2025-29141 · Vicidial · Vicidial
Name of the Vulnerable Software and Affected Versions: VICIdial versions 2.9 RC1 through 2.13 RC1. Description: An unauthenticated command injection issue exists in the vicidial_sales_viewer.php component when password encryption is enabled. The application improperly passes the HTTP Basic...
VICIdial Security Vulnerability
VICIdial is a software suite from VICIdial, Inc. designed to interact with the Asterisk open source PBX telephony system as a complete inbound/outbound contact center suite with inbound email support. A security vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, which stems from ...
CVE-2021-46557
Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs...