Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WeGIA affected by arbitrary file read via symlink in backup restore
Vulnerability Description
WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB() extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob() and file_get_contents() to read SQL files from the extracted contents. Neither the extraction nor the file reading validates whether archive members are symbolic links. This vulnerability is fixed in 3.6.6.
CVSS Information
N/A
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
WeGIA 后置链接漏洞
Vulnerability Description
WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.6.5版本存在后置链接漏洞,该漏洞源于提取和读取归档文件时未验证符号链接,可能导致路径遍历攻击。
CVSS Information
N/A
Vulnerability Type
N/A