AI description
CVE-2025-26615 is a path traversal vulnerability found in WeGIA, an open-source web management application primarily used by Portuguese-speaking institutions. The vulnerability exists in the `examples.php` endpoint, allowing attackers to potentially access the `config.php` file. This file contains sensitive information, including database credentials, which could be leveraged for unauthorized access. The vulnerability has been addressed in WeGIA version 3.2.14. Users are strongly encouraged to update to this version to mitigate the risk. Currently, there are no known workarounds for this vulnerability other than upgrading to the patched version.
- Description
- WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,
@DarkWebInformer
18 Feb 2025
6763 Impressions
16 Retweets
53 Likes
10 Bookmarks
2 Replies
1 Quote
🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,
@DarkWebInformer
18 Feb 2025
417 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-26615: CRITICAL] Path Traversal vulnerability in WeGIA app's 'examples.php' endpoint could grant hackers unauthorized data access. Upgrade to version 3.2.14 to secure sensitive info stored in 'config.php'.#cybersecurity,#vulnerability https://t.co/n9ZOnPcVUR https://t.c
@CveFindCom
18 Feb 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26615 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application… https://t.co/GSe382fu3O
@CVEnew
18 Feb 2025
360 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes