VICIdial 2.14-917a SQL Injection Vulnerability

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database. Title: VICIdial Unauthenticated SQL Injection Publication URL:...