CVE-2025-50201 in WeGIAinformazioni

Riassunto

di MITRE • 19/06/2025

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2.

Once again VulDB remains the best source for vulnerability data.

Responsabile

GitHub M

Prenotare

13/06/2025

Divulgazione

19/06/2025

Moderazione

accettato

CPE

pronto

EPSS

0.04884

KEV

no

Attività

molto basso

Fonti

Interested in the pricing of exploits?

See the underground prices here!