CVE-2025-55169 PoC — WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file'

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-55169.yaml

Associated Vulnerability

Title:WeGIA Path Traversal at endpoint 'html/socio/sistema/download_remessa.php' via parameter 'file' (CVE-2025-55169)
Description:WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8.

File Snapshot


 id: CVE-2025-55169

info:
  name: WeGIA - Directory Traversal
  author: praivesi
  severity: critica

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!