Wegia · Wegia · CVE-2025-58159
**Name of the Vulnerable Software and Affected Versions**
WeGIA versions prior to 3.4.11
**Description**
WeGIA is a web manager for charitable institutions. A remote code execution issue was identified, caused by improper validation of uploaded files. The application accepts uploads with arbitrary filenames, including names with a .php extension, and writes them to disk without adequate sanitization or extension restrictions. An attacker can therefore upload a spreadsheet file followed by PHP code and have it executed on the server, leading to arbitrary code execution.
**Recommendations**
Upgrade to version 3.4.11 or later.
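
The weakness described above comes down to the client-supplied filename reaching disk unchanged. The following is an added example of a hardened upload handler, not WeGIA's code and not the patch shipped in 3.4.11; the function name, the accepted types (`xlsx`, `xls`), the form field name and the storage path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: only these spreadsheet types are accepted; leading magic bytes per type.
const ALLOWED_TYPES = [
    'xlsx' => "PK\x03\x04",                       // ZIP container
    'xls'  => "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", // OLE2 compound file
];

/**
 * Validate one entry of $_FILES and store it under a server-generated name.
 * $storageDir is assumed to be outside the web root (hypothetical path).
 * Returns the stored path; throws RuntimeException on rejection.
 */
function storeSpreadsheetUpload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or not an HTTP upload');
    }

    // The client-supplied name is used only to read the final extension,
    // which must be on the allow-list; "report.xlsx.php" yields "php".
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('Extension not allowed');
    }

    // Content check: necessary but not sufficient, since a valid spreadsheet
    // header followed by PHP code still passes it.
    $magic = ALLOWED_TYPES[$ext];
    $head = file_get_contents($file['tmp_name'], false, null, 0, strlen($magic));
    if ($head !== $magic) {
        throw new RuntimeException('Content does not match extension');
    }

    // Server-chosen name: random stem plus the allow-listed extension, so no
    // part of the client filename (path, double extension) reaches disk.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store upload');
    }
    chmod($target, 0640);
    return $target;
}
// Usage (field name and path are hypothetical):
// storeSpreadsheetUpload($_FILES['planilha'], '/var/lib/app/uploads');
```

Because a file that begins with valid spreadsheet bytes and ends with PHP code passes the magic-byte check, the extension allow-list and the server-generated name are what keep the stored file from being interpreted as PHP.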