Wegia
CVE-2026-28409
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specifically crafted filename. Version 3.6.5 fixes the issue.
AnalysisAI
Critical RCE via OS command injection in WeGIA before 3.6.5. Unauthenticated attackers can execute arbitrary commands on the server. CVSS 10.0 with PoC available.
Technical ContextAI
CWE-78 OS command injection. Most severe of the three WeGIA CVEs — enables complete server compromise without authentication.
RemediationAI
Update WeGIA to 3.6.5 immediately. Audit server for signs of compromise.
Critical OS Command Injection vulnerability in WeGIA (a web management system for charitable institutions) versions prio
WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical
WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely
WeGIA is a web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today