Home > Vulnerability Database > CVE-2025-22133

Mend.io Vulnerability Database

CVE-2025-22133

Date: January 7, 2025

WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8.

Severity Score

9.9

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-22133

Url: https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mjgr-2jxv-v8qf

Url: https://github.com/nilsonLazarin/WeGIA/commit/a08f04de96d3caec85496d7a89a5b82d1960d9dd

Url: https://www.mend.io/vulnerability-database/CVE-2025-22133

Severity Score

9.9

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-22133

Date: January 7, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?