CVE-2015-2843 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection in GoAutoDial GoAdmin CE. 💥 **Consequences**: Attackers can bypass authentication or extract sensitive database data via malicious inputs in login fields.

🛡️ **Root Cause**: Insufficient input validation in `go_login.php`. 🔍 **Flaw**: The script fails to sanitize `user_name` and `user_pass` parameters, allowing SQL code injection.

📦 **Affected**: GoAutoDial GoAdmin CE. 📅 **Versions**: Prior to version 3.3-1421902800. 🌐 **Context**: Web-based call center software running on CentOS.

🕵️ **Hackers Can**: Execute arbitrary SQL commands. 📂 **Impact**: Access user credentials, bypass admin login (`go_login/validate_credentials/admin/`), and retrieve user info (`go_get_user_info`).

⚠️ **Threshold**: Low to Medium. 🚪 **Access**: Requires interaction with the web interface (login pages). No complex network config needed, just valid-looking HTTP requests to the vulnerable endpoints.

💣 **Public Exp?**: YES. 📂 **Evidence**: Exploit-DB IDs 42296 and 36807 are available. PacketStorm also lists related exploits. Wild exploitation is possible.

🔍 **Self-Check**: Scan for GoAutoDial instances. 🧪 **Test**: Send crafted SQL payloads in `user_name`/`user_pass` fields of `go_login.php` and observe error responses or unexpected data retrieval.

🩹 **Official Fix**: Yes. 📢 **Source**: Vendor confirmation via goautodial.org/news/21. Users must upgrade to version 3.3-1421902800 or later to patch the flaw.

🚧 **No Patch?**: Implement WAF rules to block SQL keywords in POST parameters. 🛑 **Mitigation**: Restrict access to `go_login.php` and admin endpoints via IP whitelisting or firewall rules.

🔥 **Urgency**: HIGH. 🚨 **Priority**: Critical. Since public exploits exist and it affects authentication, immediate patching or mitigation is required to prevent unauthorized access.