GoAdmin CE Security Vulnerability
Security vulnerabilities have been found in GoAdmin CE. The specifics of each are below:
1. Arbitrary file upload within the ‘audiostore’ (Voice Files) upload functionality.
2. Arbitrary command injection via the ‘cpanel’ function due to lack of input sanitization.
3. SQL injection within the ‘go_get_user_info’ function due to lack of input sanitization.
To fix these, update your server via GitHub. Be sure to back up your configurations and files before updating. http://goautodial.org/projects/goautodialce/wiki/GIThub
We also acknowledge the help of Chris McCurley in letting us know about and fixing the said security vulnerabilities.
Affected versions:
3.0 to 3.3