CVE-2015-2843
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 38%
from disclosure to weapon0 days
Published on NVDMay 12
1st PoCApr 21
metasploitApr 21
exploitation probability
38%top 2% of all CVEs
observed exploitation
nono source reports it
5 public exploit(s)
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
Affected products
n/a · n/apublic PoCs found — 5
cve_referencepacketstormsecurity.com/files/131543/GoAutoDial-SQL-Injection-Command-Execution-File-Upload.htmlunverifiedcve_referencewww.exploit-db.com/exploits/36807/unverifiedcve_referencewww.exploit-db.com/exploits/42296/unverifiedexploitdbwww.exploit-db.com/exploits/36807unverifiedexploitdbwww.exploit-db.com/exploits/42296unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://goautodial.org/news/21http://packetstormsecurity.com/files/131543/GoAutoDial-SQL-Injection-Command-Execution-File-Upload.htmlhttps://www.exploit-db.com/exploits/36807/https://www.exploit-db.com/exploits/42296/http://www.securityfocus.com/archive/1/535319/100/1100/threadedhttp://www.securityfocus.com/bid/74281