Full title: VICIdial 2.14-917a SQL Injection Vulnerability 
Category: web applications
Platform: php
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

# 0day.today @ http://0day.today/