SQL Injection Vulnerability in WeGIA Software by WeGIA
CVE-2024-57034

9.8CRITICAL

Key Information:

Vendor: WeGIA
Status: WeGIA
Vendor: CVE Published:; 17 January 2025

What is CVE-2024-57034?

The WeGIA software version less than 3.2.0 is susceptible to an SQL injection vulnerability located in the query_geracao_auto.php file. This flaw allows an attacker to manipulate SQL queries through the query parameter, potentially leading to unauthorized data access or data manipulation. Users are urged to upgrade to the latest versions to mitigate this security risk. For further details, visit the official WeGIA website or the vulnerability research page.

References

https://www.wegia.org

https://github.com/nmmorette/vulnerability-research/tree/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2025
Vulnerability Reserved
Jan 9, 2025