SQL Injection in WeGIA Web Management for Charitable Institutions
CVE-2025-22141

8.8 HIGH

Key Information:

Vendor: WeGIA
Status: Vendor
CVE Published: 8 January 2025

What is CVE-2025-22141?

A SQL Injection vulnerability has been discovered in WeGIA, a web management platform designed for charitable organizations. The flaw lies in the /dao/verificar_recursos_cargo.php endpoint, where the cargo parameter is not adequately validated before it reaches the database query. This allows an attacker to execute arbitrary SQL commands against the database, potentially compromising its confidentiality, integrity, and availability. A fix has been implemented in WeGIA version 3.2.8, and users should upgrade to this version to mitigate the risk associated with this vulnerability.
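The following is an added illustration of the class of defect described above, not WeGIA's own code: the real contents of /dao/verificar_recursos_cargo.php are not reproduced on this page, so the table name, column names and both function names are hypothetical. It shows a request parameter spliced into the SQL text beside the hardened form that allow-lists the value and binds it through a prepared statement.

```php
<?php
// Added illustration, not WeGIA's own code: the real
// /dao/verificar_recursos_cargo.php is not reproduced on this page, so the
// table, column names and both functions below are hypothetical.
declare(strict_types=1);

// Hypothetical vulnerable pattern: the request parameter is spliced into the
// SQL text, so any quote or keyword it carries becomes part of the query.
function verificarRecursosCargoVulneravel(PDO $pdo, string $cargo): array
{
    $sql = "SELECT recurso FROM recursos_cargo WHERE cargo = '" . $cargo . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: allow-list the parameter's shape, then bind it as data in a
// prepared statement so the driver never parses it as SQL.
function verificarRecursosCargoSeguro(PDO $pdo, string $cargo): array
{
    // The pattern is an assumption; fit it to the application's real cargo ids.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $cargo)) {
        throw new InvalidArgumentException('invalid cargo parameter');
    }
    $stmt = $pdo->prepare('SELECT recurso FROM recursos_cargo WHERE cargo = :cargo');
    $stmt->bindValue(':cargo', $cargo, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE recursos_cargo (cargo TEXT, recurso TEXT)');
$pdo->exec("INSERT INTO recursos_cargo VALUES ('diretor', 'financeiro')");

// Normal input: both paths return ['financeiro'].
var_dump(verificarRecursosCargoVulneravel($pdo, 'diretor'));
var_dump(verificarRecursosCargoSeguro($pdo, 'diretor'));

// Input carrying a stray quote: the vulnerable path hands it to the SQL parser
// (a syntax error here, attacker-chosen SQL in general); the hardened path
// rejects it before any query is built.
foreach (['verificarRecursosCargoVulneravel', 'verificarRecursosCargoSeguro'] as $fn) {
    try {
        $fn($pdo, "diretor'");
    } catch (PDOException | InvalidArgumentException $e) {
        echo $fn, ': ', get_class($e), "\n";
    }
}
```

Requires the pdo_sqlite extension; the same prepared-statement form applies unchanged to a MySQL DSN.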

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published