WeGIA Arbitrary File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A critical vulnerability exists in WeGIA versions prior to 3.2.8 in the spreadsheet import endpoint '/WeGIA/html/socio/sistema/controller/controla_xlsx.php'. The endpoint accepts uploaded files without properly validating their type or extension, so an attacker can upload files other than the expected .xlsx workbook, for example a .phar file containing PHP code. Because the file is written to a location served by the web server and keeps its attacker-chosen name, requesting it afterwards causes the PHP interpreter to execute it, giving remote code execution. The .phar extension is significant because common mod_php configurations (Debian/Ubuntu's packaged Apache php*.conf, for instance) route .php, .phar and .phtml files to the PHP handler, so a filter that only blocks .php is bypassed.

Impact

Exploitation of this vulnerability gives an unauthenticated or low-privileged user an arbitrary file write into a web-served directory, which becomes remote code execution as soon as the uploaded .phar is requested over HTTP. Any command the attacker runs executes with the privileges of the web server user (typically www-data), which is enough to read the application's configuration and database credentials, tamper with stored data, and use the host as a foothold into the rest of the network.

Reproduction

To reproduce this vulnerability, submit a file with a .phar extension containing a PHP payload (a reverse shell, for instance) to the '/WeGIA/html/socio/sistema/controller/controla_xlsx.php' endpoint in place of the .xlsx workbook it expects. The file is stored under its original name in a web-accessible directory; requesting it through the web server then runs the payload. A quick check that a given deployment is affected is that the upload of a non-.xlsx file is accepted at all, since a fixed version rejects it before writing anything.

Remediation

Users are advised to update WeGIA to version 3.2.8 or later, where this vulnerability has been fixed.
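The following is an added example, not WeGIA's code and not its actual fix. It places the unvalidated upload pattern that causes this class of vulnerability beside a hardened import handler for the same task: only .xlsx is accepted, the ZIP magic bytes and OOXML structure are verified, and the file is stored under a server-chosen random name outside the web root. Function names, directory paths and the validation steps are illustrative assumptions, and the code assumes ext-zip (ZipArchive) is installed. It runs stand-alone from the PHP CLI, where it builds two constructed sample files (a PHP payload named .phar and a minimal workbook-shaped ZIP) and shows which one the validator rejects.

```php
<?php
// Added example, not WeGIA's code. Function names and directories are
// illustrative assumptions; ext-zip (ZipArchive) is assumed to be installed.
declare(strict_types=1);

/**
 * VULNERABLE PATTERN: trusts the client-supplied file name and writes it
 * straight into a web-served directory. A name ending in .phar (or .php,
 * .phtml) becomes a server-side script the next time anyone requests it.
 */
function saveImportVulnerable(array $file, string $webUploadDir): string
{
    $dest = $webUploadDir . '/' . basename($file['name']); // attacker controls the extension
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

/**
 * Checks that a received file is plausibly an .xlsx workbook.
 * Returns null when it passes, otherwise a short rejection reason.
 */
function validateXlsx(string $tmpPath, string $clientName): ?string
{
    // 1. Extension allowlist on the client name (last extension, case-insensitive),
    //    so "payload.phar" and "payload.xlsx.phar" are both refused.
    if (strtolower(pathinfo($clientName, PATHINFO_EXTENSION)) !== 'xlsx') {
        return 'extension not allowed';
    }
    // 2. Magic bytes: every .xlsx is a ZIP container, so it starts with PK\x03\x04.
    //    (finfo/libmagic is deliberately not used here: older magic databases
    //    report .xlsx as application/zip or even application/octet-stream, so the
    //    structural check below is more reliable than a MIME string.)
    $head = (string) file_get_contents($tmpPath, false, null, 0, 4);
    if ($head !== "PK\x03\x04") {
        return 'not a ZIP container';
    }
    // 3. OOXML structure: a workbook must carry [Content_Types].xml and xl/workbook.xml.
    $zip = new ZipArchive();
    if ($zip->open($tmpPath) !== true) {
        return 'ZIP container does not open';
    }
    $isWorkbook = $zip->locateName('[Content_Types].xml') !== false
        && $zip->locateName('xl/workbook.xml') !== false;
    $zip->close();
    return $isWorkbook ? null : 'not an OOXML workbook';
}

/**
 * HARDENED PATTERN: validate, then store under a server-chosen random name in a
 * directory outside the web root, so nothing uploaded is ever reachable as a
 * URL, let alone executed. The import code reads it from there by path.
 */
function saveImportHardened(array $file, string $privateStorageDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if (($why = validateXlsx($file['tmp_name'], $file['name'])) !== null) {
        throw new RuntimeException('rejected: ' . $why);
    }
    $dest = $privateStorageDir . '/' . bin2hex(random_bytes(16)) . '.xlsx';
    // move_uploaded_file() also refuses paths that are not genuine uploads.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640); // data, never executable
    return $dest;
}

// Stand-alone demo (CLI only): two constructed sample files run through validateXlsx().
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir();
    $bad = $dir . '/payload.phar';
    file_put_contents($bad, "<?php system(\$_GET['c']); ?>"); // constructed sample payload
    $good = $dir . '/sheet.xlsx';
    $zip = new ZipArchive();
    $zip->open($good, ZipArchive::CREATE | ZipArchive::OVERWRITE);
    $zip->addFromString('[Content_Types].xml', '<Types/>'); // minimal OOXML markers
    $zip->addFromString('xl/workbook.xml', '<workbook/>');
    $zip->close();

    foreach ([[$bad, 'payload.phar'], [$bad, 'payload.xlsx'], [$good, 'sheet.xlsx']] as [$path, $name]) {
        echo str_pad($name, 14), ' -> ', validateXlsx($path, $name) ?? 'accepted', PHP_EOL;
    }
    unlink($bad);
    unlink($good);
}
```

Run it with `php upload_check.php`. The second case (the PHP payload renamed to .xlsx) is the one that defeats an extension-only filter, which is why the magic-byte and structure checks are kept even after the extension allowlist. Storing under a random name outside the web root also closes the path-traversal and overwrite variants of the same bug, since the client name never reaches the filesystem; if the application must serve the file back, do it through a script that reads by record ID and emits Content-Disposition: attachment, not by exposing the storage directory.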

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.