Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 24 Sep 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:* |
Wed, 03 Sep 2025 09:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 02 Sep 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wegia
Wegia wegia |
|
Vendors & Products |
Wegia
Wegia wegia |
Fri, 29 Aug 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11. | |
Title | WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE) | |
Weaknesses | CWE-434 CWE-94 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-09-02T19:24:25.237Z
Reserved: 2025-08-27T13:34:56.186Z
Link: CVE-2025-58159

Updated: 2025-09-02T19:24:21.962Z

Status : Analyzed
Published: 2025-08-29T23:15:32.347
Modified: 2025-09-24T18:36:12.110
Link: CVE-2025-58159

No data.

Updated: 2025-09-02T15:23:31Z