SQL Injection Vulnerability in WeGIA Web Manager for Institutions
CVE-2025-26610

9.4CRITICAL

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 18 February 2025

Summary

A SQL Injection vulnerability has been identified in the WeGIA Web Manager for Institutions, specifically within the restaurar_produto_desocultar.php endpoint. This flaw enables an authorized attacker to execute arbitrary SQL queries, thereby compromising sensitive information stored in the database. Users are strongly encouraged to upgrade to version 3.2.13 or later, as there are currently no known workarounds for this vulnerability.

Affected Version(s)

WeGIA < 3.2.13

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Feb 12, 2025