WeGIA OS Command Injection Vulnerability in importar_dump.php Endpoint Allowing Remote Code Execution

Vulnerability

A command injection vulnerability affects WeGIA versions prior to 3.2.15. The 'importar_dump.php' endpoint accepts a file upload and uses the client-supplied filename in a server-side command without validating or escaping it, so an attacker who embeds shell metacharacters in the filename can execute arbitrary commands on the server. Because the injected command can move the uploaded temporary file into a directory served by the web server, the flaw can also be used to plant a web shell. The endpoint does not require authentication, so the vulnerability is exploitable by users who are not logged in.
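The following is an added illustration of the bug class described above, not WeGIA's own code: a hypothetical upload handler in which the client-controlled filename is interpolated into a shell command, beside a hardened version that never lets client bytes reach a shell or a filesystem path. The form field name `dump`, the allow-listed extensions, the `$_SESSION['user']` check and the function names are assumptions made for the example.

```php
<?php
// Added example (not WeGIA's code). Shows the vulnerable pattern described in
// the advisory and one way to fix it. Field name "dump", the session key and
// the allowed extensions are assumptions for illustration only.
declare(strict_types=1);

// VULNERABLE pattern: $_FILES['dump']['name'] is chosen by the client.
// A name such as   x.sql; cp /tmp/phpAbC123 /var/www/html/s.php #
// ends the mv command and runs the attacker's command as the web server user,
// which is exactly the "move the temporary file somewhere web-accessible" step
// the advisory describes.
function importDumpVulnerable(string $destDir): void
{
    $tmp  = $_FILES['dump']['tmp_name'];
    $name = $_FILES['dump']['name'];
    shell_exec("mv $tmp $destDir/$name");   // no authentication, no validation
}

// HARDENED version:
//  - require an authenticated session (the advisory notes the endpoint was
//    reachable without login);
//  - never invoke a shell; move_uploaded_file() does the move natively;
//  - verify the source really is an upload for this request;
//  - allow-list the extension and let the server choose the stored name, so no
//    client-supplied byte becomes part of a command or path.
function importDumpSafe(string $destDir): string
{
    if (empty($_SESSION['user'])) {                       // assumed session key
        http_response_code(401);
        throw new RuntimeException('authentication required');
    }
    if (!isset($_FILES['dump']) || $_FILES['dump']['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $_FILES['dump']['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an uploaded file');
    }
    $ext = strtolower(pathinfo($_FILES['dump']['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ['sql', 'gz'], true)) {           // assumed allow-list
        throw new RuntimeException('disallowed file type');
    }
    // Server-generated name: the original filename is discarded entirely.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}

// If a shell really is unavoidable (for example, piping the dump into a
// database client), pass each value through escapeshellarg() and keep the
// destination directory outside the web root:
//   $cmd = 'mysql --defaults-file=' . escapeshellarg($cnf) . ' < ' . escapeshellarg($target);
```

The key property of the hardened handler is that the fix does not depend on spotting every dangerous character: the client name is reduced to an allow-listed extension and the rest of the path is generated server-side, so there is nothing left for an attacker to inject.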

Impact

Exploitation of this vulnerability allows arbitrary command execution on the server with the privileges of the web server process, which already gives an attacker control over the application and its data. If the attacker can then escalate to root, the whole server can be taken over, allowing installation of malware or manipulation of server operations. The same injection can be used to move the uploaded file into a web-accessible directory, planting a web shell that provides persistent access.

Reproduction

To reproduce this vulnerability, upload a file through the 'importar_dump.php' endpoint with a crafted filename that contains a command injection payload (shell metacharacters followed by the command to run). The injected command is executed on the server, demonstrating the command injection. If the payload moves the uploaded file into a directory served by the web server, the file can afterwards be requested over HTTP, confirming exploitation.

Remediation

Update to WeGIA version 3.2.15 or later, which patches this vulnerability. Until the update is applied, restricting access to 'importar_dump.php' to authenticated administrators reduces exposure but does not fix the underlying injection.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.