Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WeGIA OS Command Injection in debug_info.php parameter 'branch'
Vulnerability Description
WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
WeGIA 操作系统命令注入漏洞
Vulnerability Description
WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.4.2之前版本存在操作系统命令注入漏洞,该漏洞源于/html/configuracao/debug_info.php端点中的branch参数未正确清理导致OS命令注入。
CVSS Information
N/A
Vulnerability Type
N/A