SQL Injection Vulnerability in WeGIA Web Manager for Charitable Institutions
CVE-2025-27133

9.4CRITICAL

Key Information:

Vendor
Labredescefetrj
Status
Wegia
Vendor
CVE Published:
24 February 2025

Summary

A SQL Injection vulnerability was identified in the WeGIA application prior to version 3.2.15, specifically at the adicionar_tipo_exame.php endpoint. This flaw enables an authorized attacker to execute arbitrary SQL queries within the application, potentially leading to unauthorized access to sensitive information. Users are highly encouraged to upgrade to version 3.2.15, which includes a patch addressing this critical issue.

Affected Version(s)

WeGIA < 3.2.15

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...
x_refsource_CONFIRM
https://github.com/LabRedesCefetRJ/WeGIA/commit/619ead748...
x_refsource_MISC

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.