WeGIA Path Traversal at endpoint ‘html/socio/sistema/download_remessa.php’ via parameter ‘file’

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.

Basic Information

ID CVE-2025-55169

Source GitHub_M

Published Aug 12, 2025 at 19:01

Modified Aug 12, 2025 at 19:24

Affected Product

Vendor LabRedesCefetRJ

Product WeGIA

Version < 3.4.8

Affected Versions LabRedesCefetRJ WeGIA < 3.4.8

CWE Classification

CWE-287 CWE-22

References

{
    "lastseen": "",
    "description": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.",
    "published": "2025-08-12T19:01:40.482Z",
    "modified": "2025-08-12T19:24:39.679Z",
    "type": "cve",
    "title": "WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'",
    "source": "GitHub_M",
    "references": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mm3p-7573-4x4j\nhttps://github.com/LabRedesCefetRJ/WeGIA/issues/177\nhttps://github.com/LabRedesCefetRJ/WeGIA/commit/e8476168171de2f3e047ed92bbc264c981b416b1",
    "id": "CVE-2025-55169",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287",
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "LabRedesCefetRJ WeGIA < 3.4.8",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeGIA",
    "version": "< 3.4.8",
    "vendor": "LabRedesCefetRJ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WeGIA Path Traversal at endpoint ‘html/socio/sistema/download_remessa.php’ via parameter ‘file’_CVE-2025-55169