Vulnerabilities > CVE-2015-2842 - Multiple Security vulnerability in GoAutoDial GoAdmin CE 3.0/3.3

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

goautodial

critical

exploit available

NVD

Published: 2015-05-12

Updated: 2018-10-09

Summary

Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	Goautodial Goautodial Goadmin CE 3.0 Goautodial Goadmin CE 3.3	2

Exploit-Db

description	GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities. CVE-2015-2842,CVE-2015-2843,CVE-2015-2844,CVE-2015-2845. Webapps exploit for php platform
file	exploits/php/webapps/36807.txt
id	EDB-ID:36807
last seen	2016-02-04
modified	2015-04-21
platform	php
port	80
published	2015-04-21
reporter	Chris McCurley
source	https://www.exploit-db.com/download/36807/
title	GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/131543/goautodial-execsqlupload.txt
id	PACKETSTORM:131543
last seen	2016-12-05
published	2015-04-21
reporter	Packet Storm
source	https://packetstormsecurity.com/files/131543/GoAutoDial-SQL-Injection-Command-Execution-File-Upload.html
title	GoAutoDial SQL Injection / Command Execution / File Upload

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References