Vulnerabilities > CVE-2015-2842 - Unspecified vulnerability in Goautodial Goadmin CE 3.0/3.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

goautodial

exploit available

NVD

Published: 2015-05-12

Updated: 2024-11-21

Summary

Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.

Vulnerable Configurations

Part	Description	Count
Application	Goautodial Goautodial Goadmin CE 3.0 Goautodial Goadmin CE 3.3	2

Exploit-Db

description	GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities. CVE-2015-2842,CVE-2015-2843,CVE-2015-2844,CVE-2015-2845. Webapps exploit for php platform
file	exploits/php/webapps/36807.txt
id	EDB-ID:36807
last seen	2016-02-04
modified	2015-04-21
platform	php
port	80
published	2015-04-21
reporter	Chris McCurley
source	https://www.exploit-db.com/download/36807/
title	GoAutoDial 3.3-1406088000 - Multiple Vulnerabilities
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/131543/goautodial-execsqlupload.txt
id	PACKETSTORM:131543
last seen	2016-12-05
published	2015-04-21
reporter	Packet Storm
source	https://packetstormsecurity.com/files/131543/GoAutoDial-SQL-Injection-Command-Execution-File-Upload.html
title	GoAutoDial SQL Injection / Command Execution / File Upload

Summary

Vulnerable Configurations

Exploit-Db

Packetstorm

References