GoAutoDial GoAdmin CE 'cpanel' Arbitrary Command Execution Vulnerability

GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. A security vulnerability in the 'cpanel' function in the gosite.php script of GoAutoDial GoAdmin CE allows remote attackers to execute arbitrary...

CVE-2015-2845

The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATHINFO...

CVE-2015-2845

The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATHINFO...

CVE-2015-2845

CVE-2015-2845 affects GoAutoDial GoAdmin CE prior to 3.3-1421902800. The vulnerability arises in the cpanel function in go_site.php: an attacker can craft PATH_INFO via the $type parameter to execute arbitrary commands remotely. This is a command injection vulnerability with high severity (remote...

CVE-2015-2844

The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATHINFO...

CVE-2015-2844

CVE-2015-2844 affects GoAutoDial GoAdmin CE prior to 3.3-1420434000. The cpanel function in go_site.php processes the PATH_INFO action segment, and unsafely passes it to command execution, enabling remote attackers to run arbitrary commands. Impact: remote code execution with complete system comp...

GoAutoDial 3.3 multiple vulnerabilities

Affected software: GoAutoDial Affected version: 3.3-1406088000 GoAdmin and previous releases of GoAutodial 3.3 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory: http://goautodial.org/news/21 Abstract: Multiple vulnerabilties exist in the GoAutodial 3.3...