CVE-2025-22141: WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo'

9.4 CVSS

Description

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. Because the injection is blind and time-based, an attacker does not see query output directly; instead, results are inferred from differences in server response time. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in WeGIA 3.2.8.
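The following PHP snippet is an added illustration of the vulnerability class described above; it is not WeGIA's code and does not reproduce the advisory's proof of concept. It assumes the endpoint looks up a "cargo" (position/role) by numeric id and that WeGIA uses mysqli; the table name cargo_recurso, the column names, and both function names are invented for the example. The first function shows the concatenation pattern that makes a parameter injectable, the second the validated, parameterized form a fix such as 3.2.8 would typically adopt.

```php
<?php
// Illustrative example only (not WeGIA's own code). Table, column and
// function names are hypothetical.

// --- Vulnerable pattern: request parameter concatenated into the SQL text ---
function verificarRecursosCargoVulneravel(mysqli $db, string $cargo): array
{
    // $cargo arrives straight from $_GET['cargo']. Anything after a valid id,
    // e.g. a generic time-based probe of the form "1 AND SLEEP(5)", becomes
    // part of the query instead of being treated as data, and the resulting
    // delay leaks information even though no query output is returned.
    $sql = "SELECT recurso FROM cargo_recurso WHERE id_cargo = " . $cargo;
    $result = $db->query($sql);
    return $result->fetch_all(MYSQLI_ASSOC);
}

// --- Hardened pattern: validate the type, then bind as a parameter ---
function verificarRecursosCargo(mysqli $db, string $cargo): array
{
    // Reject anything that is not a plain positive integer before the DB is touched.
    if (!ctype_digit($cargo)) {
        http_response_code(400);
        throw new InvalidArgumentException('cargo must be a positive integer');
    }
    $idCargo = (int) $cargo;

    // The SQL text is fixed; the value travels separately as a bound parameter,
    // so it can never alter the query structure.
    $stmt = $db->prepare("SELECT recurso FROM cargo_recurso WHERE id_cargo = ?");
    $stmt->bind_param('i', $idCargo);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage sketch for the request handler (connection details are placeholders):
// $db = new mysqli('localhost', 'user', 'pass', 'wegia');
// echo json_encode(verificarRecursosCargo($db, $_GET['cargo'] ?? ''));
```

When reviewing a fix for this class of bug, check both halves: that every query built from the parameter uses a prepared statement, and that the input is constrained to the expected type before use, so that a stray validation gap elsewhere in the endpoint cannot reintroduce the concatenation path.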

Classification

CVE ID: CVE-2025-22141

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.4

Affected Products

Vendor: nilsonLazarin

Product: WeGIA

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (estimated probability of exploitation in the wild within the next 30 days)

EPSS Percentile: 11.48% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-06 (date this score was calculated)

References

https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-w7hp-2w2c-p636

Timeline