Arbitrary Command Execution in GoAutoDial GoAdmin CE

Arbitrary Command Execution in GoAutoDial GoAdmin CE

CVE-2015-2844 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.

Learn more about our Web Application Penetration Testing UK.