Chan-Woong

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.15 **Description** WeGIA is a Web manager for charitable institutions. An OS Command Injection issue was discovered, allowing an attacker to execute arbitrary code remotely via the `importar dump.php` endpoint. This could also enable a webshell upload. **Recommendations** For versions prior to 3.2.15, update to version 3.2.15 to apply the patch for the issue. As a temporary workaround, consider restricting access to the `importar dump.php` endpoint until the update can be applied.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar backup.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. Recommendations: For versions prior to 3.2.14, upgrade to version 3.2.14 to address the issue. As a temporary workaround, consider restricting access to the `gerenciar backup.php` endpoint until the upgrade is applied. There are no known workarounds for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A Path Traversal vulnerability was discovered in the WeGIA application, affecting the `examples.php` endpoint. This issue could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`, which contains data that could permit direct access to the database. Recommendations: For versions prior to 3.2.14, upgrade to version 3.2.14 to secure sensitive information stored in `config.php`. As a temporary workaround, consider restricting access to the `examples.php` endpoint until the upgrade is applied. Additionally, avoid using the `config.php` file in a way that could expose its contents until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A Path Traversal issue was discovered in the WeGIA application, affecting the `exportar dump.php` endpoint. This could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`, which contains data that could enable direct access to the database. Recommendations: For versions prior to 3.2.14, upgrade to version 3.2.14 to address the issue. As a temporary workaround, consider restricting access to the `exportar dump.php` endpoint until the upgrade is applied. Additionally, restrict access to the `config.php` file to minimize the risk of exploitation. At the moment, there is no other information about additional mitigation measures.