Vulnerabilities > Goautodial
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-07 | CVE-2021-43175 | Improper Authentication vulnerability in Goautodial and Goautodial API The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. | 5.0 |
2021-12-07 | CVE-2021-43176 | Path Traversal vulnerability in Goautodial and Goautodial API The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. | 6.5 |
2015-05-12 | CVE-2015-2845 | OS Command Injection vulnerability in Goautodial Goadmin CE 3.0/3.3 The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO. | 10.0 |
2015-05-12 | CVE-2015-2844 | OS Command Injection vulnerability in Goautodial Goadmin CE 3.0/3.3 The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | 10.0 |
2015-05-12 | CVE-2015-2843 | SQL Injection vulnerability in Goautodial Goadmin CE 3.0/3.3 Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/. | 7.5 |
2015-05-12 | CVE-2015-2842 | Multiple Security vulnerability in GoAutoDial GoAdmin CE 3.0/3.3 Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/. | 10.0 |