4 matches found
CVE-2025-58745
The CVE-2025-58745 entry concerns WeGIA, a Web manager for charitable institutions. Technical details from connected documents show an arbitrary file upload vulnerability where MIME-type validation for Excel files at /html/socio/sistema/controller/controla_xlsx.php can be bypassed by embedding Ex...
CVE-2025-22133
creationtimestamp | type | source
---|---|---
2025-01-07 22:10:14+00:00 | seen | https://infosec.exchange/users/cve/statuses/113789358208827936
2025-01-07 22:16:03+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6ofmiwrn22
2025-01-07 22:36:49+00:00 | ...
CVE-2025-22133 WeGIA Allows Arbitrary File Upload with Remote Code Execution (RCE)
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar,...
CVE-2025-22133
Summary of the CVE-2025-22133 family (WeGIA): WeGIA Web Manager prior to version 3.2.8 had a critical arbitrary-file-upload vulnerability at /html/socio/sistema/controller/controla_xlsx.php that allowed uploading files such as .phar, enabling server execution. The issue persisted in later advisor...