CVE-2025-26615

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14

Description: A Path Traversal vulnerability was discovered in the WeGIA application, affecting the examples.php endpoint. This issue could allow an attacker to gain unauthorized access to sensitive information stored in config.php, which contains data that could permit direct access to the database.

Recommendations: For versions prior to 3.2.14, upgrade to version 3.2.14 to secure sensitive information stored in config.php. As a temporary workaround, consider restricting access to the examples.php endpoint until the upgrade is applied. Additionally, avoid using the config.php file in a way that could expose its contents until the issue is resolved.