CVE-2025-22133
CVE-2025-22133
Título es
CVE-2025-22133
Mar, 07/01/2025 – 22:15
Tipo
CWE-94
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-22133
Descripción en
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8.
07/01/2025
07/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
9.90
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL
Referencias
Enviar en el boletín
Off
