Published: 12/05/2015 Updated: 09/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x prior to 3.3-1421902800 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
goautodial goadmin ce 3.0
goautodial goadmin ce 3.3

Affected software: GoAutoDial Affected version: 33-1406088000 (GoAdmin) and previous releases of GoAutodial 33 Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845 Vendor advisory: goautodialorg/news/21 Abstract: Multiple vulnerabilties exist in the GoAutodial 33 open source call centre software that will lead to ...

Affected software: GoAutoDialAffected version: 33-1406088000 (GoAdmin) and previous releases of GoAutodial 33Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845Vendor advisory: goautodialorg/news/21Abstract:Multiple vulnerabilties exist in the GoAutodial 33 open source call centre software that will lead to a comp ...

This script exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The d…

GoAutoDial-CE-33 - Authentication-Bypass-Command-Injection Exploit This script exploits a SQL injection flaw in the login functionality for GoAutoDial version 33-1406088000 and below, and attempts to perform command injection This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database Command injection will be p

This script exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The d…

GoAutoDial-CE-33 - Authentication-Bypass-Command-Injection Exploit This script exploits a SQL injection flaw in the login functionality for GoAutoDial version 33-1406088000 and below, and attempts to perform command injection This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database Command injection will be p

NVD-CWE-Other https://www.exploit-db.com/exploits/36807/http://goautodial.org/news/21 http://packetstormsecurity.com/files/131543/GoAutoDial-SQL-Injection-Command-Execution-File-Upload.html http://www.securityfocus.com/bid/74281 http://www.securityfocus.com/archive/1/535319/100/1100/threaded https://nvd.nist.gov https://github.com/TarunYenni/GoAutoDial-CE-3.3---Authentication-Bypass-Command-Injection https://www.exploit-db.com/exploits/36807/

CVE-2015-2842

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect