wgcloud Arbitrary File Read Vulnerability in Database Management Component
Vulnerability
An arbitrary file read vulnerability has been identified in the wgcloud application, affecting versions up to and including 3.6.2. The flaw lies in the test connection function of the backend database management module, where it can be exploited to read any file from the victim's server. The root cause is how the user-supplied JDBC URL is handled when it is passed to MySQL Connector/J.
Impact
Exploitation of this vulnerability allows for arbitrary file read on the server where wgcloud is running.
Reproduction
To reproduce this vulnerability, download and install wgcloud version 3.6.2 or earlier. After starting the application, navigate to the database management section and use the test connection function. The vulnerability can be exploited by adding a payload to the JDBC connection string that includes 'allowLoadLocalInfile=true' and 'allowUrlInLocalInfile=true', which enables the reading of local files on the server.
Remediation
Users can update to wgcloud version 3.6.3, but it is unclear whether this version fully addresses the vulnerability.
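Independently of the vendor fix, the class of bug above can be mitigated by refusing to pass a user-controlled JDBC query string to the driver: either audit the URL against an allow-list of connection properties, or build the URL from validated host, port and database fields with the local-infile options pinned off. The example below is added here and is not wgcloud's code; the property allow-list, the hostname and schema-name patterns, and the sample URLs are assumptions for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Connector/J properties that let the MySQL server side (or a host posing as one)
# fetch files from the client machine via LOAD DATA LOCAL INFILE. The first two
# are the ones named in the advisory; allowLoadLocalInfileInPath is a later
# Connector/J option that widens the same mechanism, so it is blocked as well.
BLOCKED_PROPERTIES = {"allowloadlocalinfile", "allowurlinlocalinfile", "allowloadlocalinfileinpath"}

# Assumed allow-list of properties a "test connection" form may legitimately
# set; anything not listed here is rejected rather than handed to the driver.
ALLOWED_PROPERTIES = {"usessl", "servertimezone", "characterencoding", "connecttimeout"}

_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")  # plain hostname or IPv4 literal
_DB_RE = re.compile(r"^[A-Za-z0-9_]{1,64}$")      # MySQL schema name, conservatively


def audit_jdbc_url(url: str) -> list[str]:
    """Return the problems found in a user-supplied JDBC URL (empty list means acceptable)."""
    problems = []
    if not url.startswith("jdbc:mysql://"):
        return ["scheme is not jdbc:mysql://"]
    try:
        # Strip the "jdbc:" prefix so urlsplit can parse host, path and query normally.
        parts = urlsplit(url[len("jdbc:"):])
    except ValueError:
        return ["URL could not be parsed"]
    if not parts.hostname or not _HOST_RE.match(parts.hostname):
        problems.append("host missing or malformed")
    database = parts.path.lstrip("/")
    if database and not _DB_RE.match(database):
        problems.append("database name malformed")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        name = key.strip().lower()  # compare case-insensitively, to be conservative
        if name in BLOCKED_PROPERTIES:
            problems.append(f"dangerous property {key}={value}")
        elif name not in ALLOWED_PROPERTIES:
            problems.append(f"property not on allow-list: {key}")
    return problems


def build_jdbc_url(host: str, port: int, database: str) -> str:
    """Build the URL from validated fields so no user-controlled query string reaches the driver."""
    if not _HOST_RE.match(host) or not 1 <= port <= 65535 or not _DB_RE.match(database):
        raise ValueError("rejected connection parameters")
    # The local-infile options are pinned off explicitly rather than left to driver defaults.
    return (f"jdbc:mysql://{host}:{port}/{database}"
            "?allowLoadLocalInfile=false&allowUrlInLocalInfile=false")
```

In a test-connection handler, prefer `build_jdbc_url` over accepting a raw URL at all; `audit_jdbc_url` is the fallback when the form must keep a free-text field, and each entry it returns is worth logging as a tampering indicator.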
