Vulnerability Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (without login) to delete any Image files at endpoint /html/personalizacao_remover.php by defining imagem_0 as image id to delete. This issue has been patched in version 3.4.8.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wegia | Wegia | < 3.4.8 |
Related Weaknesses (CWE)
References
- https://github.com/LabRedesCefetRJ/WeGIA/commit/aa63f499a285bf91795b9836eec0425ePatch
- https://github.com/LabRedesCefetRJ/WeGIA/issues/109Issue Tracking
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-8rm5-3jvx-hcxvThird Party Advisory
FAQ
What is CVE-2025-55171?
CVE-2025-55171 is a vulnerability with a CVSS score of 7.5 (HIGH). WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/persona...
How severe is CVE-2025-55171?
CVE-2025-55171 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55171?
Check the references section above for vendor advisories and patch information. Affected products include: Wegia Wegia.