PT-2025-7212 · Wegia · Wegia

Chan-Woong +1 · Published 2025-02-18 · Updated 2025-05-04 · CVE-2025-26613

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14
Description: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the gerenciar backup.php endpoint of the WeGIA application. This vulnerability could allow an attacker to execute arbitrary code remotely.
Recommendations: For versions prior to 3.2.14, upgrade to version 3.2.14 to address the issue. As a temporary workaround, consider restricting access to the gerenciar backup.php endpoint until the upgrade is applied. There are no known workarounds for this vulnerability.

Exploit

Fix

RCE

Improper Access Control

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-26613
GHSA-G3W6-M6W8-P6R2

Affected Products

Wegia