CVE-2026-28409

CRITICAL LAB

WeGIA <3.6.5 - RCE

Title source: llm

Description

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specially crafted filename. Version 3.6.5 fixes the issue.

Exploits (1)

github STUB 1 stars
by exploitintel · python · poc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28409

Scores

CVSS v3 10.0
EPSS 0.0030
EPSS Percentile 52.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Lab Environment

docker pull ghcr.io/exploitintel/cve-2026-28409-vulnerable:latest

Classification

CWE
CWE-78
Status published

Affected Products (1)

wegia/wegia < 3.6.5

Timeline

Published Feb 27, 2026
Tracked Since Feb 28, 2026