CVE-2025-26616

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14

Description: A Path Traversal issue was discovered in the WeGIA application, affecting the exportar dump.php endpoint. This could allow an attacker to gain unauthorized access to sensitive information stored in config.php, which contains data that could enable direct access to the database.

Recommendations: For versions prior to 3.2.14, upgrade to version 3.2.14 to address the issue. As a temporary workaround, consider restricting access to the exportar dump.php endpoint until the upgrade is applied. Additionally, restrict access to the config.php file to minimize the risk of exploitation. At the moment, there is no other information about additional mitigation measures.