GoAdmin CE Security Vulnerability

Added by Jerico James Milo about 2 years ago

Security vulnerabilities have been found in GoAdmin CE. The specifics of each are below:

1. Arbitrary file upload within the ‘audiostore’ (Voice Files) upload functionality.
2. Arbitrary command injection via the ‘cpanel’ function due to lack of input sanitization.
3. SQL injection within the ‘go_get_user_info’ function due to lack of input sanitization.

To fix these issues, you need to update your server via GitHub. Be sure to back up your configurations and files before updating. http://goautodial.org/projects/goautodialce/wiki/GIThub

We also acknowledge the help of Chris McCurley in letting us know about and fixing the said security vulnerabilities.

Affected versions:

3.0 to 3.3

