Skip to main content

Goautodial

2 CVEs product

Monthly

CVE-2021-43176 HIGH POC This Week

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Goautodial Goautodial Api
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-43175 HIGH POC This Week

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Goautodial Goautodial Api
NVD
CVSS 3.1
7.5
EPSS
1.2%
EPSS 1% CVSS 8.8
HIGH POC This Week

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Goautodial +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Goautodial +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy