WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server's storage. Version 3.6.5 fixes the issue.
The script adicionar_tipo_docs_atendido.php is directly accessible via URL or tools like Postman without passing through the application's central controller. Since it does not implement its own authentication or permission controls (CWE-287, CWE-862), any external user can send HTTP requests to it. In this way, an attacker can use functionality intended for logged-in employees and uncontrollably write large amounts of data to the server's disk space.
An attacker without any authentication can gain access to functions reserved for employees and mass inject unauthorized data into the database/server resources, which may lead to data integrity violations, disk space exhaustion, and application disruption.
WeGIA should be updated to version 3.6.5, which introduces a fix eliminating the vulnerability by including the script in the project's central access control mechanism.
WeGIA in versions before 3.6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWegia
APPWegia< 3.6.5
Related vulnerabilities
SQL Injection w WeGIA — kompromitacja bazy danych przez parametr id_produto
Reflected XSS w WeGIA — wstrzyknięcie kodu przez parametr sccd
Reflected XSS w WeGIA — wstrzyknięcie kodu JS przez parametr GET
SQL Injection w WeGIA – nieautoryzowane wykonanie poleceń SQL
WeGIA – RCE przez command injection w funkcji przywracania bazy danych