Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-8503 PoC — VICIdial 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-8503.yaml
Associated Vulnerability
Title:VICIdial 安全漏洞 (CVE-2024-8503)
Description:VICIdial是VICIdial公司的一个软件套件。旨在与 Asterisk 开源 Pbx 电话系统交互,作为一个完整的呼入/呼出联络中心套件,同时支持呼入电子邮件。 VICIdial存在安全漏洞,该漏洞源于允许在数据库中存储纯文本凭据。
Description
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.
File Snapshot

 id: CVE-2024-8503

info:
  name: VICIdial - SQL Injection
  author: s4e-io
  severity: critical
  de

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.