CVE-2025-55171

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8

Description: WeGIA is a web manager designed for charitable institutions. Prior to version 3.4.8, the application lacks authentication checks at the /html/personalizacao remover.php endpoint. This allows an unauthenticated attacker to delete image files at the /html/personalizacao remover.php endpoint by manipulating the imagem 0 parameter to specify the image ID for deletion.

Recommendations: Upgrade to version 3.4.8 or later.