SQL Injection Vulnerability in WeGIA Web Manager by LabRedesCefetRJ
CVE-2025-24902

9.4CRITICAL

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 3 February 2025

Summary

A SQL Injection vulnerability exists in the WeGIA Web Manager, specifically targeting the 'salvar_cargo.php' endpoint. This flaw enables an authorized attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, modification, or deletion of sensitive data. Users are strongly recommended to upgrade to version 3.2.12 or later as there are no known workarounds for mitigating this risk.

Affected Version(s)

WeGIA < 3.2.12

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 27, 2025