15 matches found
CVE-2026-51946
SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...
GoAutoDial GoAdmin CE 'cpanel' action variable arbitrary command execution vulnerability
GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. A security vulnerability in the 'cpanel' function in the gosite.php script of GoAutoDial GoAdmin CE allows remote attackers to execute arbitrary...
GoAutoDial GoAdmin CE SQL Injection Vulnerability
GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. GoAutoDial GoAdmin CE's gologin.php script fails to adequately filter the 'username' and 'userpass' parameters, gologin/ validatecredentials/admi...
GoAutoDial GoAdmin CE Arbitrary File Upload Vulnerability
GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. GoAutoDial An arbitrary file upload vulnerability exists in the goaudiostore.php script in the audiostore upload function of GoAdmin CE, which...
GoAutoDial GoAdmin CE 'cpanel' Arbitrary Command Execution Vulnerability
GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. A security vulnerability in the 'cpanel' function in the gosite.php script of GoAutoDial GoAdmin CE allows remote attackers to execute arbitrary...
CVE-2015-2842
Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...
Sql injection
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 userpass parameter in gologin.php or the PATHINFO to 3 gologin/validatecredentials/admin/ or 4 index.php/gosite/gogetuserinfo/...
Unrestricted file upload
Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...
Command injection
The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATHINFO...
Command injection
The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATHINFO...
CVE-2015-2844
CVE-2015-2844 affects GoAutoDial GoAdmin CE prior to 3.3-1420434000. The cpanel function in go_site.php processes the PATH_INFO action segment, and unsafely passes it to command execution, enabling remote attackers to run arbitrary commands. Impact: remote code execution with complete system comp...
CVE-2015-2844
The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATHINFO...
CVE-2015-2843
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 userpass parameter in gologin.php or the PATHINFO to 3 gologin/validatecredentials/admin/ or 4 index.php/gosite/gogetuserinfo/...
CVE-2015-2842
Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...
CVE-2015-2843
GoAutoDial GoAdmin CE is vulnerable to SQL injection in go_login.php (parameters user_name, user_pass) and via PATH_INFO in go_login/validate_credentials/admin/ or index.php/go_site/go_get_user_info/. Affected versions are GoAutoDial GoAdmin CE before 3.3-1421902800. The root cause is inadequate ...