Remote Command Execution in GoAutoDial Administration Interface
CVE-2015-2844

Currently unrated

Key Information:

Vendor

Goautodial

Status
Goadmin Ce
Vendor
CVE Published:
12 May 2015

What is CVE-2015-2844?

The GoAutoDial GoAdmin CE administrative interface has a vulnerability in the cpanel function located in go_site.php, which allows remote attackers to execute arbitrary commands. This is achieved through manipulation of the $action parameter within the PATH_INFO variable. Attackers exploiting this vulnerability can gain unauthorized access and execute commands with the privileges of the web server, potentially leading to a full system compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/535319/100/1100/th...
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/74281
vdb-entryx_refsource_BID
http://goautodial.org/news/21
x_refsource_CONFIRM

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.