Описание
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importar_dump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a command to move a temporary file, so a webshell upload is also possible. Version 3.2.15 contains a patch for the issue.
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.15 (исключая)
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.11887
Средний
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78
EPSS
Процентиль: 94%
0.11887
Средний
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78