WeGIA Authentication Bypass Vulnerability Allowing Unauthorized Image Deletion

An authentication bypass vulnerability has been identified in WeGIA versions prior to 3.4.8. The issue resides in the endpoint '/html/personalizacao_remover.php', where the application fails to verify user authentication. This flaw enables anonymous users to delete image files by sending a POST request with the 'imagem_0' parameter set to the ID of the image to be removed. The vulnerability allows for the deletion of any image file, except for a default file associated with 'imagem_id = 1'.

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of image files via the '/html/personalizacao_remover.php' endpoint.

Reproduction

To reproduce this vulnerability, send a POST request to the '/WeGIA/html/personalizacao_remover.php' endpoint. Include the 'imagem_0' parameter with the ID of the image file to be deleted. The request can be made using a tool like Postman or through a script that automates the process.

Remediation

Users are advised to update to WeGIA version 3.4.8 or later, where this vulnerability has been patched.