CVE-2025-26616

Published Feb 18, 2025

Last updated 4 days ago

CVSS critical 10.0

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-26616 is a path traversal vulnerability found in WeGIA, an open-source web management application primarily used by Portuguese-speaking institutions. The vulnerability exists in the `exportar_dump.php` endpoint. Exploitation of this vulnerability could allow unauthorized access to the `config.php` file, potentially exposing sensitive information.

Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `exportar_dump.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
10
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2025-26616 Path Traversal in WeGIA Web Manager Allows Unauthorized Database Access https://t.co/JJqBjTXMDN

    @VulmonFeeds

    18 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    6763 Impressions

    16 Retweets

    53 Likes

    10 Bookmarks

    2 Replies

    1 Quote

  3. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    417 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. [CVE-2025-26616: CRITICAL] Critical Path Traversal vulnerability found in WeGIA's `exportar_dump.php`. Upgrade to version 3.2.14 to secure sensitive info in `config.php`. No workarounds available.#cybersecurity,#vulnerability https://t.co/XMW0CVcxrT https://t.co/JCgDB8e1Yk

    @CveFindCom

    18 Feb 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References