
OpenWGA Developer Studio 3.1.0 OpenDialog Arbitrary Code Execution

Severity
Medium
Advisory ID
ZSL-2016-5317
Release Date
13 April 2016
Vendor
Innovation Gate GmbH - https://www.openwga.com
Affected Version
3.1.0.r00147
CVE
N/A
Tested On
Microsoft Windows 7 Professional SP1 (EN), Microsoft Windows 7 Ultimate SP1 (EN), Java/1.8.0.77-b03
Summary

The OpenWGA Developer Studio packages an OpenWGA CMS server together with all necessary development and deployment tools to create, develop, deploy, share and maintain your OpenWGA CMS applications.

Description

The application suffers from an arbitrary code execution vulnerability when using the File OpenDialog box, enabling an attacker to execute any binary of their choosing, including for elevation of privileges.

Proof of Concept
Disclosure Timeline
23.02.2016 Vulnerability discovered.
28.02.2016 Vendor contacted.
12.04.2016 No response from the vendor.
13.04.2016 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
13.04.2016 Initial release
14.04.2016 Added references [1] and [2]
19.04.2016 Added reference [3]