PT-2025-35328 · Wegia · Wegia

Farinap5 · Published 2025-08-29 · Updated 2025-08-30 · CVE-2025-58159

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.4.11

Description

WeGIA is a Web manager for charitable institutions. A remote code execution issue was identified due to improper validation of uploaded files. The application allows attackers to upload files with arbitrary filenames, including those with a .php extension. Uploaded files are written to disk without adequate sanitization or extension restrictions, allowing a spreadsheet file followed by PHP code to be uploaded and executed on the server, leading to arbitrary code execution.

Recommendations

Upgrade to version 3.4.11 or later.
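
The controls the description says were missing (extension restriction, filename sanitization, content checks), sketched as an added PHP example; this is not WeGIA's code or the 3.4.11 patch. The function name `storeSpreadsheetUpload`, the allowlist and its MIME values, and the storage directory are assumptions to adapt to the host.

```php
<?php
declare(strict_types=1);

// Assumed allowlist: spreadsheet extensions mapped to MIME types libmagic may report for them.
const ALLOWED_SPREADSHEETS = [
    'csv'  => ['text/plain', 'text/csv'],
    'xls'  => ['application/vnd.ms-excel', 'application/x-ole-storage', 'application/CDFV2'],
    'xlsx' => ['application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/zip'],
];

/**
 * Validate one $_FILES entry and move it into $storageDir, which should sit
 * outside the web root so nothing stored there is ever executed by the server.
 * Returns the server-generated path; throws RuntimeException on rejection.
 */
function storeSpreadsheetUpload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or is not an HTTP upload');
    }

    // The client filename is read only for its final extension, never used as a path.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_SPREADSHEETS[$ext])) {
        throw new RuntimeException('extension not allowed');   // rejects .php and anything unlisted
    }

    // Content sniffing must agree with the claimed extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_SPREADSHEETS[$ext], true)) {
        throw new RuntimeException('content type does not match extension');
    }

    // Secondary check for spreadsheet data followed by PHP code.
    // It does not cover short open tags; the allowlist and storage location are the primary controls.
    $body = file_get_contents($file['tmp_name']);
    if ($body === false || stripos($body, '<?php') !== false) {
        throw new RuntimeException('embedded PHP open tag');
    }

    // Server-chosen random name plus the allowlisted extension.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($target, 0640);   // readable by the application, not executable
    return $target;
}
```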

Exploit · Fix · RCE · Unrestricted File Upload · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-58159
GHSA-WJ2C-237G-CGQP

Affected Products

Wegia