GOautodial Open Source Omni-channel Contact Center Suite

GoAdmin CE Page Restriction Access Vulnerability

Accessing the URL https://your_ip/index.php/go_carriers_ce/go_get_carrier/view/CARRIERNAME and https://your_ip/login/index.php/go_carriers_ce/go_get_carrier/view/CARRIERNAME, the result will have full access on the page.

To fix this, you need to update your server via github, be sure to backup your configurations and files before updating. http://goautodial.org/projects/goautodialce/wiki/GIThub

We also acknowledged the help of Edwin Brasseur for letting us know this said page restriction access vulnerability.

Affected versions:

3.0 to 3.3

GoAdmin CE security vulnerabilities found. The specifics of each are below:

1. Arbitrary file upload within the ‘audiostore’ (Voice Files) upload functionality.
2. Arbitrary command injection via the ‘cpanel’ function due to lack of input sanitization.
3. SQL injection within the ‘go_get_user_info’ function due to lack of input sanitization.

To fix this, you need to update your server via github, be sure to backup your configurations and files before updating. http://goautodial.org/projects/goautodialce/wiki/GIThub

We also acknowledged the help of Chris McCurley for letting us know and fixing the said security vulnerabilities.

Affected versions:

3.0 to 3.3

GOautodial CE 3.3 has been released! Updated system packages, bug fixes and a lot more.

Featuring:

GOadmin 3.3-1406088000
Vicidial 2.9 RC1 (2.9.441a)
Asterisk 1.8.23
CentOS 5.10 base OS

Easily update your GOautodial CE 3.0 system to 3.3 via a single command:

yum update -y

Here's the HOWTO: http://goautodial.org/projects/goautodialce/wiki/GOautodialCE33.

Checkout the CHANGELOG for the complete list of changes.

/var/www/html/changelog.txt

You need to have Asterisk 1.8 and Vicidial 2.7RC1 installed. Check our Wiki pages on how to upgrade.

Finally! Asterisk 1.8 has come to GOautodial CE 3.0. Featuring the patched version of Asterisk 1.8.23-vici (from the Vicidial group). Head over to our Wiki page to browse the HOWTOs. Here's the direct link: How to Upgrade to Asterisk 1.8.23

GOautodial-ce-3.0-1373083200 has been uploaded to our repository. Featuring improved inbound (call menus/IVR and DIDs/queue) related wizards. New widget designs and tonnes of bugfixes.

Here are some of the updates:

User group permissions
Streamlined widgets
Improved DIDs and call menu wizards
Vicidial updated to 2.7RC1
Improved lead and recording search funtions
Bugfixes and a lot more

Run "yum update" to download the updates and upgrade your GOautodial system.

We've made it easy for GOautodial users to upgrade to the latest version.

Here's the HOWTO:

HOWTO Upgrade GOautodial CE 2.1 to 3.0

The latest and greatest GoAutoDial CE v3 release candidate 1 is now available. In 64bit and 32bit flavors. Featuring the GOadmin, GOreports and GOagent applications. Download now!

Full graphical system installation:

Widget based dashboard (drag n drop):

Agent monitoring (listen-in/barge-in):

Graphical reports and analytics:

Wizards based configuration:

Intuitive and simple agent UI:

And a lot more! Download now!

goautodial-64bit-ce-3.0-RC1a.iso
md5sum: c4a7534fb4b6d7348d2c1b08b593f783

goautodial-32bit-ce-3.0-RC1a.iso
md5sum: b928425bdc16e5f99498adee0ea3269d

Please check existing bugs here: [[http://goautodial.org/projects/goautodialce/issues]]. If you encounter new bugs, please create a new issue (bug) here: [[http://goautodial.org/projects/goautodialce/issues/new]].

Users of GoAutoDial CE v2.1, here's how to upgrade to the latest version: HOWTO Upgrade GOautodial CE 2.1 to 3.0

Done creating the base system for GoAutoDial CE 3.0 32-bit. Using CentOS 5.9 as system base. Included updated packages from CentOS updates repo and PHP 5.3.

Finally finished creating the base system for GoAutoDial CE 3.0 64-bit. Using CentOS 5.9 as system base. Included updated packages from CentOS updates repo and PHP 5.3.