CVE-2025-26615

Published Feb 18, 2025

Last updated a year ago

CVSS critical 10.0

Overview

Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Source
security-advisories@github.com
NVD status
Analyzed
Products
wegia

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-22
nvd@nist.gov
CWE-22

Social media

Hype score
Not currently trending

  1. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    6763 Impressions

    16 Retweets

    53 Likes

    10 Bookmarks

    2 Replies

    1 Quote

  2. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    417 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. [CVE-2025-26615: CRITICAL] Path Traversal vulnerability in WeGIA app's 'examples.php' endpoint could grant hackers unauthorized data access. Upgrade to version 3.2.14 to secure sensitive info stored in 'config.php'.#cybersecurity,#vulnerability https://t.co/n9ZOnPcVUR https://t.c

    @CveFindCom

    18 Feb 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-26615 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application… https://t.co/GSe382fu3O

    @CVEnew

    18 Feb 2025

    360 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches the vulnerability.CVE-2026-33991
  2. WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without any sanitization or encoding. The script /html/memorando/novo_memorandoo.php reads HTTP GET parameters to display dynamic success messages to the user. At approximately line 273, the code checks if $_GET['msg'] equals 'success'. If true, it directly concatenates $_GET['sccs'] into an HTML alert <div> and outputs it to the browser. This issue has been fixed in version 3.6.7.CVE-2026-33135
  3. WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into the HTML response without any sanitization or encoding. The script /html/memorando/listar_memorandos_ativos.php handles dynamic success messages to users using query string parameters. Similar to other endpoints in the Memorando module, it checks if $_GET['msg'] equals 'success'. If this condition is met, it directly concatenates and reflects $_GET['sccd'] into an HTML alert <div>. This issue is resolved in version 3.6.7.CVE-2026-33136
  4. WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB() function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator accounts, modify existing passwords, or execute any database operation. This was introduced in commit 370104c. This issue was patched in version 3.6.7.CVE-2026-33133
  5. WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter, leading to full database compromise. In the script /html/matPat/restaurar_produto.php, the application retrieves the id_produto parameter directly from the $_GET global array and interpolates it directly into two SQL query strings without any sanitization, type-casting (e.g., (int)), or using parameterized (prepare/execute) statements. This issue has been fixed in version 3.6.6.CVE-2026-33134

References

Sources include official advisories and independent security research.