{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T09:39:26.541","vulnerabilities":[{"cve":{"id":"CVE-2025-50201","sourceIdentifier":"security-advisories@github.com","published":"2025-06-19T04:15:49.340","lastModified":"2025-07-02T16:21:03.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2."},{"lang":"es","value":"WeGIA es un gestor web para instituciones benéficas. Antes de la versión 3.4.2, se identificó una vulnerabilidad de inyección de comandos del sistema operativo en el endpoint /html/configuracao/debug_info.php. El parámetro de la rama no se depuró correctamente antes de concatenarse y ejecutarse en un comando de shell en el sistema operativo del servidor. Esta falla permite que un atacante no autenticado ejecute comandos arbitrarios en el servidor con los privilegios del usuario del servidor web (www-data). Este problema se ha corregido en la versión 3.4.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"022D4962-31E5-4F15-A0A0-38FB13114C45"}]}]}],"references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/commit/45f32ad1d52775fc99f3c90075c8136c6d4d1d3d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-52p5-5fmw-9hrf","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}