PT-2025-7791 · Wegia · Wegia

Chan-Woong +1 · Published 2025-02-24 · Updated 2025-03-03 · CVE-2025-27140

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.2.15

Description

WeGIA is a Web manager for charitable institutions. An OS Command Injection issue was discovered that allows an attacker to execute arbitrary code remotely via the importar_dump.php endpoint. This could also enable a webshell upload.

Recommendations

Update versions prior to 3.2.15 to version 3.2.15, which applies the patch for the issue. As a temporary workaround, consider restricting access to the importar_dump.php endpoint until the update can be applied.

Exploit · Fix · Improper Access Control · OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2025-27140
GHSA-XW6W-X28R-2P5C

Affected Products

Wegia