PT-2025-4370 · Wegia · Wegia

Nmmorette · Published 2025-01-07 · Updated 2025-09-09 · CVE-2025-22133

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.2.8

Description

A critical issue was identified in the "/WeGIA/html/socio/sistema/controller/controla_xlsx.php" endpoint, which accepts file uploads without proper validation. This allows the upload of malicious files, such as .phar, which can then be executed by the server.

Recommendations

For versions prior to 3.2.8, upgrade to version 3.2.8 to resolve the issue. As a temporary workaround, consider disabling the file upload functionality in the vulnerable endpoint until a patch is applied. Restrict access to the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-22133
GHSA-MJGR-2JXV-V8QF

Affected Products

Wegia