Vulnerabilities > Goautodial

DATE CVE VULNERABILITY TITLE RISK
2021-12-07 CVE-2021-43175 Improper Authentication vulnerability in Goautodial and Goautodial API
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions.
network
low complexity
goautodial CWE-287
5.0
2021-12-07 CVE-2021-43176 Path Traversal vulnerability in Goautodial and Goautodial API
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call.
network
low complexity
goautodial CWE-22
6.5
2015-05-12 CVE-2015-2845 OS Command Injection vulnerability in Goautodial Goadmin CE 3.0/3.3
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
network
low complexity
goautodial CWE-78
critical
10.0
2015-05-12 CVE-2015-2844 OS Command Injection vulnerability in Goautodial Goadmin CE 3.0/3.3
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
network
low complexity
goautodial CWE-78
critical
10.0
2015-05-12 CVE-2015-2843 SQL Injection vulnerability in Goautodial Goadmin CE 3.0/3.3
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
network
low complexity
goautodial CWE-89
7.5
2015-05-12 CVE-2015-2842 Multiple Security vulnerability in GoAutoDial GoAdmin CE 3.0/3.3
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.
network
low complexity
goautodial
critical
10.0