Chris Mccurley

**Name of the Vulnerable Software and Affected Versions** PaperCut NG versions prior to 22.1.1 PaperCut MF versions prior to 22.1.1 **Description** A Path Traversal issue exists, potentially allowing an authenticated attacker to achieve read-only access to the server's filesystem under specific conditions. This is because requests beginning with "GET /ui/static/..//.." reach `getStaticContent` in `UIContentResource.class` in the `static-content-files` servlet. The vulnerability is related to incorrect restriction of the directory path name with limited access, which may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For PaperCut NG versions prior to 22.1.1, update to version 22.1.1 or later to resolve the issue. For PaperCut MF versions prior to 22.1.1, update to version 22.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `static-content-files` servlet to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GoAutoDial GoAdmin CE versions 3.x before 3.3-1421902800 **Description** The issue concerns an unrestricted file upload vulnerability in the audiostore (Voice Files) upload functionality. This vulnerability allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in sounds/. **Recommendations** For GoAutoDial GoAdmin CE versions 3.x before 3.3-1421902800, update to version 3.3-1421902800 or later to resolve the issue. As a temporary workaround, consider restricting access to the `go audiostore.php` file and the `sounds/` directory to minimize the risk of exploitation. Avoid using the audiostore upload functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GoAdmin CE versions prior to 3.3-1421902800 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `user name` or `user pass` parameter in 'go login.php' or the PATH INFO to 'go login/validate credentials/admin/' or 'index.php/go site/go get user info/'. **Recommendations** For versions prior to 3.3-1421902800, update to version 3.3-1421902800 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'go login.php' and 'index.php/go site/go get user info/' endpoints to minimize the risk of exploitation. Avoid using the `user name` and `user pass` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GoAdmin CE versions prior to 3.3-1420434000 **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved via the `$action` portion of the `PATH INFO`. **Recommendations** For versions prior to 3.3-1420434000, update to version 3.3-1420434000 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GoAdmin CE versions prior to 3.3-1421902800 **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved via the `$type` portion of the `PATH INFO`. **Recommendations** For versions prior to 3.3-1421902800, update to version 3.3-1421902800 or later to resolve the issue.