Information Exposure Through an Error Message in WeGIA - #VU127886
Published: April 25, 2026
Vulnerability identifier: #VU127886
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-209
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: LabReDeS
Affected software:
WeGIA
WeGIA
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper error handling in docdependente_upload.php when uploading a malicious file. A remote user can submit a crafted file upload to disclose sensitive information.
The application returns verbose error messages that may reveal technical details such as permitted file extensions, maximum buffer sizes, or image processing libraries in use.
Remediation
Install security update from vendor's website.