Hunterxsirago1

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.6.6 **Description** WeGIA is a web manager for charitable institutions. A critical SQL injection issue exists in the application prior to version 3.6.6. The `remover produto ocultar.php` script utilizes `extract($ REQUEST)` to populate local variables, which are then directly concatenated into a SQL query executed through `PDO::query`. This allows an authenticated or auth-bypassed attacker to execute arbitrary SQL commands. This can lead to the exfiltration of sensitive data from the database or a time-based denial of service. The vulnerable code directly concatenates user-supplied input from the `$ REQUEST` variable into a SQL query without proper sanitization. The `extract()` function is used to populate local variables directly from the `$ REQUEST` array, making the application susceptible to SQL injection attacks. **Recommendations** Versions prior to 3.6.6 should be updated to version 3.6.6 or later.

**Name of the Vulnerable Software and Affected Versions** OneUptime versions prior to 10.0.18 **Description** OneUptime allows project members to execute custom Playwright/JavaScript code via Synthetic Monitors. This code is executed within the Node.js `vm` module, which is not a secure sandbox. An attacker can leverage a prototype-chain escape using `this.constructor.constructor` to bypass the sandbox and gain access to the underlying Node.js process object. This allows for arbitrary system command execution (RCE) on the `oneuptime-probe` container. Because the probe holds database and cluster credentials in its environment variables, a successful exploit leads to a complete cluster compromise. The vulnerability resides in the `Common/Server/Utils/VM/VMRunner.ts` file, specifically in the `vm.runInContext()` function. An attacker can use a payload like `const proc = this.constructor.constructor('return process')();` to escape the sandbox and execute commands. **Recommendations** Versions prior to 10.0.18 should be updated to version 10.0.18 or later.

**Nome do Software Vulnerável e Versões Afetadas** Versões do WeGIA anteriores à 3.6.5 **Descrição** O WeGIA é um gerenciador web para instituições beneficentes. Existe uma vulnerabilidade crítica de Execução Remota de Código (RCE) na funcionalidade de restauração do banco de dados da aplicação. Um atacante com acesso administrativo pode executar comandos arbitrários do sistema operacional no servidor ao fazer upload de um arquivo de backup especialmente manipulado. A vulnerabilidade é acionada através da manipulação do nome do arquivo durante o processo de restauração do banco de dados. **Recomendações** As versões anteriores à 3.6.5 devem ser atualizadas para a versão 3.6.5 ou superior.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.6.5 **Description** WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the `extract()` function on the `$ REQUEST` superglobal allows an unauthenticated attacker to overwrite local variables in multiple PHP scripts. This can bypass authentication checks, allowing unauthorized access to administrative and protected areas of the WeGIA application. The `extract()` function is a PHP function that converts variables from an array to individual variables. The `$ REQUEST` superglobal contains data from GET, POST, and COOKIE requests. **Recommendations** Update WeGIA to version 3.6.5.