Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE)
Vulnerability Description
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a command to move a temporary file, so a webshell upload is also possible. Version 3.2.15 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
WeGIA 访问控制错误漏洞
Vulnerability Description
WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.2.15之前版本存在访问控制错误漏洞。攻击者利用该漏洞可以执行任意代码,包括上传Webshell。
CVSS Information
N/A
Vulnerability Type
N/A