exploitDog

CVE-2025-55171

Опубликовано: 12 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (without login) to delete any Image files at endpoint /html/personalizacao_remover.php by defining imagem_0 as image id to delete. This issue has been patched in version 3.4.8.

Ссылки

https://github.com/LabRedesCefetRJ/WeGIA/commit/aa63f499a285bf91795b9836eec0425e7eafe570
Patch
https://github.com/LabRedesCefetRJ/WeGIA/issues/109
Issue Tracking
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-8rm5-3jvx-hcxv
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

Версия до 3.4.8 (исключая)

EPSS

Процентиль: 24%

0.00081

Низкий

7.5 High

CVSS3

Дефекты

CWE-287

EPSS

Процентиль: 24%

0.00081

Низкий

7.5 High

CVSS3

Дефекты

CWE-287