GoAdmin CE security vulnerabilities found. The specifics of each are below:
1. Arbitrary file upload within the ‘audiostore’ (Voice Files) upload functionality.
2. Arbitrary command injection via the ‘cpanel’ function due to lack of input sanitization.
3. SQL injection within the ‘go_get_user_info’ function due to lack of input sanitization.
To fix this, you need to update your server via github, be sure to backup your configurations and files before updating. http://goautodial.org/projects/goautodialce/wiki/GIThub
We also acknowledged the help of Chris McCurley for letting us know and fixing the said security vulnerabilities.
Affected versions:
3.0 to 3.3
GOautodial CE 3.3 has been released! Updated system packages, bug fixes and a lot more.
Featuring:
GOadmin 3.3-1406088000
Vicidial 2.9 RC1 (2.9.441a)
Asterisk 1.8.23
CentOS 5.10 base OS
Easily update your GOautodial CE 3.0 system to 3.3 via a single command:
yum update -y
Finally! Asterisk 1.8 has come to GOautodial CE 3.0. Featuring the patched version of Asterisk 1.8.23-vici (from the Vicidial group). Head over to our Wiki page to browse the HOWTOs. Here's the direct link: How to Upgrade to Asterisk 1.8.23
GOautodial-ce-3.0-1373083200 has been uploaded to our repository. Featuring improved inbound (call menus/IVR and DIDs/queue) related wizards. New widget designs and tonnes of bugfixes.
Here are some of the updates:
User group permissions
Streamlined widgets
Improved DIDs and call menu wizards
Vicidial updated to 2.7RC1
Improved lead and recording search funtions
Bugfixes and a lot more
Run "yum update" to download the updates and upgrade your GOautodial system.

Done creating the base system for GoAutoDial CE 3.0 32-bit. Using CentOS 5.9 as system base. Included updated packages from CentOS updates repo and PHP 5.3.
Finally finished creating the base system for GoAutoDial CE 3.0 64-bit. Using CentOS 5.9 as system base. Included updated packages from CentOS updates repo and PHP 5.3.