SQL Injection Vulnerability in WeGIA Web Manager by LabRedesCefetRJ
CVE-2025-24901
What is CVE-2025-24901?
CVE-2025-24901 is a SQL Injection vulnerability found in the WeGIA Web Manager, a tool designed for managing operations within charitable institutions. This vulnerability could be exploited by authorized attackers to execute arbitrary SQL queries through the application's deletar_permissao.php endpoint. If exploited, attackers could potentially access or delete sensitive information stored in the database, which could severely compromise an organization's integrity and the confidentiality of its data.
Technical Details
The vulnerability resides in a specific endpoint of the WeGIA application, allowing for possible SQL Injection attacks. This means that an attacker with authorized access could manipulate input data to execute malicious SQL commands. As a result, they could gain unauthorized access to sensitive data, modify or delete records, or even impact the overall functionality of the application. This vulnerability has been addressed in version 3.2.12, and users are strongly encouraged to upgrade to this version to mitigate the risks associated with this flaw.
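For defenders who cannot upgrade immediately, the following added example (not code from the WeGIA project or from this advisory) reviews a web server access log for requests to deletar_permissao.php whose parameters carry SQL syntax. It assumes the Apache/Nginx common log layout and that parameters arrive in the query string; the path prefix `/app/` and the parameter name `id` are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "deletar_permissao.php"  # endpoint named in the advisory
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Characters and keywords that have no place in an identifier-style parameter.
SQL_RE = re.compile(r"['\"`;]|--|/\*|\b(union|select|sleep|benchmark|information_schema)\b", re.I)

# Constructed sample lines; the path prefix and the parameter name "id" are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Feb/2025:09:14:02 +0000] "GET /app/deletar_permissao.php?id=12 HTTP/1.1" 302 0
198.51.100.9 - - [03/Feb/2025:09:15:40 +0000] "GET /app/deletar_permissao.php?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512
198.51.100.9 - - [03/Feb/2025:09:16:05 +0000] "GET /app/deletar_permissao.php?id=12%2527%2520OR%25201%253D1 HTTP/1.1" 200 512
198.51.100.9 - - [03/Feb/2025:09:17:11 +0000] "GET /app/listar.php?q=select HTTP/1.1" 200 90
"""

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding, which can hide SQL syntax from a single decode."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text):
    """Return (ip, timestamp, param, decoded value) for flagged hits on ENDPOINT."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected layout
        ip, when, _method, target, _status = m.groups()
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1] != ENDPOINT:
            continue  # only the endpoint from the advisory is of interest
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(value)
            if SQL_RE.search(value):
                hits.append((ip, when, name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally omit POST bodies, so if the endpoint receives its parameters that way the same check has to run on application-level or WAF request logs instead.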
Potential Impact of CVE-2025-24901
- Data Breaches: Attackers can gain access to confidential and sensitive information, potentially leading to significant financial and reputational damage to organizations.
- Data Loss or Corruption: The ability to delete records could result in the loss of vital data, hindering the operations of charitable institutions and impacting their ability to serve their missions effectively.
- Regulatory Compliance Risks: Organizations may face compliance issues due to unauthorized access to personal data, leading to legal repercussions and potential fines due to failure to protect sensitive information adequately.
Affected Version(s)
WeGIA < 3.2.12