WeGIA is a web manager for charitable institutions. An OS command injection vulnerability was discovered in the `importar_dump.php` endpoint of WeGIA versions prior to 3.2.15. This vulnerability could allow an attacker to execute arbitrary code remotely. The affected command essentially moves a temporary file, so a webshell upload is also possible. Version 3.2.15 contains a patch for the issue.
#ANDROID

Android incorporates industry-leading security features to keep the Android platform and ecosystem safe. Learn more about Android's robust security model and rigorous security program.

The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.

Catch up on the latest security news from Promon. We cover relevant topics from the security space such as application security, iOS and Android malware, code obfuscation, compliance, API protection and more.