PT-2026-22412 · Wegia · Wegia

Hunterxsirago1 · Published 2026-02-27 · Updated 2026-04-21 · CVE-2026-28409

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
WeGIA versions prior to 3.6.5

Description
WeGIA is a web manager for charitable institutions. A critical Remote Code Execution (RCE) issue exists in the application's database restoration functionality. An attacker with administrative access can execute arbitrary OS commands on the server by uploading a specially crafted backup file. The vulnerability is triggered through filename manipulation within the database restoration process.

Recommendations
Versions prior to 3.6.5 should be updated to version 3.6.5 or later.

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-28409
GHSA-5M5G-Q2VV-RV3R

Affected Products

Wegia