CVE-2015-2844

Published: May 12, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.

Affected (2)

Products: Goautodial: Goadmin Ce

Goautodial

1 product

Goadmin Ce

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Goautodial Goadmin Ce	Version 3.0
Goautodial Goadmin Ce	Version 3.3

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (10)

http://goautodial.org/news/21

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/131543/GoAutoDial-SQL-Injection-Command-Execution-File-Upload.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/535319/100/1100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/74281

Source: cve@mitre.org

https://www.exploit-db.com/exploits/36807/

Source: cve@mitre.org

Exploit

http://goautodial.org/news/21