WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wegia
Wegia wegia |
|
Vendors & Products |
Wegia
Wegia wegia |
Fri, 29 Aug 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11. | |
Title | WeGIA Authenticated Arbitrary File Upload Leading To Remote Code Execution (RCE) | |
Weaknesses | CWE-434 CWE-94 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-09-02T19:24:25.237Z
Reserved: 2025-08-27T13:34:56.186Z
Link: CVE-2025-58159

No data.

Status : Awaiting Analysis
Published: 2025-08-29T23:15:32.347
Modified: 2025-09-02T15:55:35.520
Link: CVE-2025-58159

No data.

Updated: 2025-09-02T15:23:31Z