SQL Injection Vulnerability in WeGIA Web Manager for Institutions
CVE-2025-27096
9.4CRITICAL
Key Information:
- Vendor
- Labredescefetrj
- Status
- Wegia
- Vendor
- CVE Published:
- 20 February 2025
Summary
A SQL Injection vulnerability has been identified in the WeGIA Web Manager for Institutions, specifically within the personalizacao_upload.php endpoint. This flaw permits an authorized attacker to execute arbitrary SQL queries, which could lead to unauthorized access to sensitive information. It is crucial for all users running versions prior to 3.2.14 to upgrade promptly as there are no known workarounds to mitigate this vulnerability.
Affected Version(s)
WeGIA < 3.2.14
References
CVSS V4
Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved