CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-23219: WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'

10.0 CVSS

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.

Classification

CVE ID: CVE-2025-23219

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

Affected Products

Vendor: LabRedesCefetRJ

Product: WeGIA

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.68% (scored less or equal to compared to others)

EPSS Date: 2025-02-18 (when was this score calculated)

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h2mg-4c7q-w69v
https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e

Timeline

2025-01-21 00:33:23 UTC
CVE

WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'