CVE-2015-2843

Name of the Vulnerable Software and Affected Versions GoAdmin CE versions prior to 3.3-1421902800

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the user name or user pass parameter in 'go login.php' or the PATH INFO to 'go login/validate credentials/admin/' or 'index.php/go site/go get user info/'.

Recommendations For versions prior to 3.3-1421902800, update to version 3.3-1421902800 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'go login.php' and 'index.php/go site/go get user info/' endpoints to minimize the risk of exploitation. Avoid using the user name and user pass parameters in the affected API endpoints until the issue is resolved.