CVE-2024-8503

CVE-2024-8503: VICIdial Unauthenticated SQL Injection

Vendor Vicidial
Product VICIdial
Weakness CWE-89 · SQLi
Published September 10, 2024
Last update November 4, 2025

CVSS base score

What the vulnerability does

01Description

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

Key dates

02Disclosure timeline

September 10, 2024 CVE published
November 4, 2025 Record updated