- Description
- WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the `deletar_permissao.php` endpoint of the WeGIA application. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-89
- Hype score
- Not currently trending
CVE-2025-24901 SQL Injection Vulnerability in WeGIA Web Manager Enabling Unauthorized Database Access https://t.co/GaxmVDrL13
@VulmonFeeds
3 Feb 2025
[CVE-2025-24901: CRITICAL] SQL Injection vulnerability found in WeGIA Web Manager for Charitable Institutions in `deletar_permissao.php` endpoint. Update to version 3.2.12 to patch the issue. #cybersecurity, #vulnerability https://t.co/ZLQ2hKC8VZ https://t.co/XxhOo8xvoa
@CveFindCom
3 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A421C69D-AB7C-4DC3-B02E-150D6EA2862D",
            "versionEndExcluding": "3.2.12"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]