GoAutoDial GoAdmin CE 'cpanel' Arbitrary Command Execution Vulnerability

GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. A security vulnerability in the 'cpanel' function in the gosite.php script of GoAutoDial GoAdmin CE allows remote attackers to execute arbitrary...

GoAutoDial GoAdmin CE 'cpanel' action variable arbitrary command execution vulnerability

GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. A security vulnerability in the 'cpanel' function in the gosite.php script of GoAutoDial GoAdmin CE allows remote attackers to execute arbitrary...

CVE-2015-2842

Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...

Sql injection

Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 userpass parameter in gologin.php or the PATHINFO to 3 gologin/validatecredentials/admin/ or 4 index.php/gosite/gogetuserinfo/...

Unrestricted file upload

Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...

Command injection

The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATHINFO...

Command injection

The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATHINFO...

CVE-2015-2843

Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 userpass parameter in gologin.php or the PATHINFO to 3 gologin/validatecredentials/admin/ or 4 index.php/gosite/gogetuserinfo/...

CVE-2015-2842

Unrestricted file upload vulnerability in goaudiostore.php in the audiostore Voice Files upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...

CVE-2015-2844

CVE-2015-2844 affects GoAutoDial GoAdmin CE prior to 3.3-1420434000. The cpanel function in go_site.php processes the PATH_INFO action segment, and unsafely passes it to command execution, enabling remote attackers to run arbitrary commands. Impact: remote code execution with complete system comp...

CVE-2015-2844

The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATHINFO...

CVE-2015-2843

GoAutoDial GoAdmin CE is vulnerable to SQL injection in go_login.php (parameters user_name, user_pass) and via PATH_INFO in go_login/validate_credentials/admin/ or index.php/go_site/go_get_user_info/. Affected versions are GoAutoDial GoAdmin CE before 3.3-1421902800. The root cause is inadequate ...