Browse all 6 CVE security advisories affecting VICIdial. AI-powered Chinese analysis, POCs, and references for each vulnerability.
VICIdial serves as an open-source contact center solution for outbound/inbound call management and customer service operations. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access controls. The system's web interface and API integration points have been particularly susceptible. While no major public security incidents have been widely documented, the presence of six CVEs indicates ongoing security concerns. Organizations implementing VICIdial should prioritize regular patching and harden configurations against common web application threats, particularly those related to authentication and session management.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-8504 | VICIdial Authenticated Remote Code Execution — VICIdial (CWE-78) | 8.8 (AI) | High (AI) | 2024-09-10 |
| CVE-2024-8503 | VICIdial Unauthenticated SQL Injection — VICIdial (CWE-89) | 7.5 (AI) | High (AI) | 2024-09-10 |
| CVE-2022-34879 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php. — VICIdial (CWE-79) | 6.5 | Medium | 2022-07-05 |
| CVE-2022-34878 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php. — VICIdial (CWE-89) | 5.5 | Medium | 2022-07-05 |
| CVE-2022-34877 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php. — VICIdial (CWE-89) | 6.4 | Medium | 2022-07-05 |
| CVE-2022-34876 | VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple SQL injection vulnerabilities at /vicidial/admin.php. — VICIdial (CWE-89) | 5.5 | Medium | 2022-07-05 |

This page lists every published CVE security advisory associated with VICIdial. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.