Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55171

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (without login) to delete any Image files at endpoint /html/personalizacao_remover.php by defining imagem_0 as image id to delete. This issue has been patched in version 3.4.8.

Published

2025-08-12T21:15:43.633

Last Modified

2025-08-14T01:33:13.160

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wegia	wegia	< 3.4.8	Yes

References

https://github.com/LabRedesCefetRJ/WeGIA/commit/aa63f499a285bf91795b9836eec0425e7eafe570 Patch ([email protected])
https://github.com/LabRedesCefetRJ/WeGIA/issues/109 Issue Tracking ([email protected])
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-8rm5-3jvx-hcxv Third Party Advisory ([email protected])