Vulnerabilities > CVE-2015-2842 - Multiple Security vulnerability in GoAutoDial GoAdmin CE 3.0/3.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities. CVE-2015-2842,CVE-2015-2843,CVE-2015-2844,CVE-2015-2845. Webapps exploit for php platform |
file | exploits/php/webapps/36807.txt |
id | EDB-ID:36807 |
last seen | 2016-02-04 |
modified | 2015-04-21 |
platform | php |
port | 80 |
published | 2015-04-21 |
reporter | Chris McCurley |
source | https://www.exploit-db.com/download/36807/ |
title | GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/131543/goautodial-execsqlupload.txt |
id | PACKETSTORM:131543 |
last seen | 2016-12-05 |
published | 2015-04-21 |
reporter | Packet Storm |
source | https://packetstormsecurity.com/files/131543/GoAutoDial-SQL-Injection-Command-Execution-File-Upload.html |
title | GoAutoDial SQL Injection / Command Execution / File Upload |