Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-28409 PoC — WeGIA 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-28409.yaml
Associated Vulnerability
Title:WeGIA 操作系统命令注入漏洞 (CVE-2026-28409)
Description:WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.6.5之前版本存在操作系统命令注入漏洞,该漏洞源于数据库恢复功能对特制备份文件名的处理不当,可能导致具有管理员权限的攻击者执行任意操作系统命令。
Description
WeGIA <= 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands
File Snapshot

 id: CVE-2026-28409

info:
  name: WeGIA <= 3.6.4 - Remote Code Execution
  author: 0x_Akoko
  severi

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.