Vulnerability in Labredescefetrj Wegia

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB() extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob() and file_get_contents() to read SQL files from the extr…

EPSS: 0.001 (26.5th percentile) — read the EPSS interpretation.

Affected products

Labredescefetrj Wegia — versions >= 3.6.5, < 3.6.6

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6mmm-27h8-8g55 (x_refsource_CONFIRM)
https://github.com/LabRedesCefetRJ/WeGIA/commit/79e7a164eddb527e3b331037b7a4defb8c115d50 (x_refsource_MISC)