Unrated severityNVD Advisory· Published Aug 12, 2025· Updated Aug 12, 2025

WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'

CVE-2025-55169

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.

Affected products

LabRedesCefetRJ/Wegiav5
Range: < 3.4.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/LabRedesCefetRJ/WeGIA/commit/e8476168171de2f3e047ed92bbc264c981b416b1mitrex_refsource_MISC
github.com/LabRedesCefetRJ/WeGIA/issues/177mitrex_refsource_MISC
github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mm3p-7573-4x4jmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000