CVE-2026-28409

CRITICAL NUCLEI LAB

WeGIA < 3.6.5 - Authenticated Remote Code Execution via Database Restore Filename

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-28409. PoCs published by exploitintel. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains only an embargo notice for CVE-2026-28409, indicating a command injection bypass in WeGIA. No actual exploit code or technical details are provided, only a placeholder for future documentation.

Description

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, a critical Remote Code Execution (RCE) vulnerability exists in the WeGIA application's database restoration functionality. An attacker with administrative access (which can be obtained via the previously reported Authentication Bypass) can execute arbitrary OS commands on the server by uploading a backup file with a specifically crafted filename. Version 3.6.5 fixes the issue.

Exploits (1)

github · STUB · 1 star
by exploitintel · python · poc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-28409

Classification: Stub 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: WeGIA (version unspecified)
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Mar 02, 2026

Nuclei Templates (1)

WeGIA <= 3.6.4 - Remote Code Execution
CRITICAL · VERIFIED · by 0x_Akoko
Shodan: http.html:"WeGIA"
FOFA: body="WeGIA"

Scores

CVSS v3: 10.0
EPSS: 0.0122
EPSS Percentile: 79.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Lab Environment

patched: docker pull ghcr.io/exploitintel/cve-2026-28409-patched:latest
vulnerable: docker pull ghcr.io/exploitintel/cve-2026-28409-vulnerable:latest

Details

CWE: CWE-78
Status: published
Products (1): wegia/wegia < 3.6.5
Published: Feb 27, 2026
Tracked Since: Feb 28, 2026