CVE-2015-2845

GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-2845. PoCs published by Metasploit, Chris McCurley, including Metasploit module exploits/linux/http/goautodial_3_rce_command_injection.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in GoAutoDial 3.3 for authentication bypass and command injection, leading to remote code execution with root privileges. It also retrieves admin credentials, including cleartext passwords, from the database.

Description

The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremoteunix
https://www.exploit-db.com/exploits/42296

This Metasploit module exploits a SQL injection vulnerability in GoAutoDial 3.3 for authentication bypass and command injection, leading to remote code execution with root privileges. It also retrieves admin credentials, including cleartext passwords, from the database.

Classification
Working Poc 95%
Attack Type
Rce | Sqli | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: GoAutoDial 3.3-1406088000 and below
No auth needed
Prerequisites: Network access to the target · Target running vulnerable GoAutoDial version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Chris McCurley · textwebappsphp
https://www.exploit-db.com/exploits/36807

The exploit demonstrates multiple vulnerabilities in GoAutoDial 3.3, including SQL injection for authentication bypass, arbitrary file upload, and command injection leading to remote code execution (RCE). The PoC includes clear examples of malicious payloads and techniques to achieve RCE and privilege escalation.

Classification
Working Poc 100%
Attack Type
Rce | Sqli | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: GoAutoDial 3.3-1406088000 and previous releases
No auth needed
Prerequisites: Network access to the target · Default admin user not removed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Chris McCurley · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/goautodial_3_rce_command_injection.rb

This Metasploit module exploits a SQL injection flaw in GoAutoDial 3.3 for authentication bypass and command injection, leading to RCE with root privileges. It also retrieves admin credentials from the database.

Classification
Working Poc 100%
Attack Type
Rce | Sqli | Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: GoAutoDial 3.3-1406088000 and below
No auth needed
Prerequisites: Network access to the target · GoAutoDial 3.3-1406088000 or below
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535319/100/1100/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42296/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74281
Vendor Advisory x_refsource_confirm
http://goautodial.org/news/21
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36807/

Scores

EPSS 0.7169
EPSS Percentile 99.3%

Details

CWE
CWE-78
Status published
Products (2)
goautodial/goadmin_ce 3.0
goautodial/goadmin_ce 3.3
Published May 12, 2015
Tracked Since Feb 18, 2026