PT-2026-39725 · Wegia · Wegia
Arthurvel
·
Published
2026-05-11
·
Updated
2026-05-11
·
CVE-2026-42871
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
WeGIA versions prior to 3.7.0
Description
The software displays overly descriptive error messages containing database-related details through the 'atendido/familiar docfamiliar.php' endpoint. This information disclosure can be used to map the backend infrastructure and expand the attack surface.
Recommendations
Update to version 3.7.0.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wegia