Wyn Enterprise .NET Reflection-Based Server-Side Template Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability in Wyn Enterprise's report generation feature allows for improper code inclusion, which can be exploited by low-privileged users to execute malicious code, load DLLs, and run OS commands with elevated privileges. This issue arises from the application's insufficient validation of code inputs in its templating engine, particularly within the Expression Editor used for customizing reports. The vulnerability affects all versions of Wyn Enterprise prior to 8.0.00204.0.
Impact
Exploitation of this vulnerability leads to unauthorized remote code execution on the host system, with the executed commands running under the application's high privileges.
Reproduction
The vulnerability can be reproduced by creating a report template that includes a code expression. After saving the template, the code execution can be verified through the report's preview feature. The exploitation involves bypassing input sanitization to execute commands via the .NET Process class, leveraging assembly reflection to access and invoke methods that facilitate command execution.
Remediation
Users are advised to update Wyn Enterprise to version 8.0.00204.0 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.