AI description
CVE-2025-24901 is a SQL Injection vulnerability found in WeGIA, a web manager for charitable institutions. The vulnerability exists within the `deletar_permissao.php` endpoint of the WeGIA application. This flaw could allow an authorized attacker to execute arbitrary SQL queries. Successful exploitation could lead to unauthorized access or deletion of sensitive information. The vulnerability has been addressed in WeGIA version 3.2.12, and users are advised to upgrade.
- Description
- WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-89
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
7
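A vulnerability that bricks iOS with a single line of code has been discovered. CVE-2025-24901 allows an endless reboot state to be triggered by manipulating the OS's Darwin notification system. Fixed in iOS 18.3. Bounty of $17,500. https://t.co/rloFAqpqnZ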
@__kokumoto
28 Apr 2025
2161 Impressions
14 Retweets
30 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-24901 SQL Injection Vulnerability in WeGIA Web Manager Enabling Unauthorized Database Access https://t.co/GaxmVDrL13
@VulmonFeeds
3 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-24901: CRITICAL] SQL Injection vulnerability found in WeGIA Web Manager for Charitable Institutions in `deletar_permissao.php` endpoint. Update to version 3.2.12 to patch the issue. #cybersecurity, #vulnerability https://t.co/ZLQ2hKC8VZ https://t.co/XxhOo8xvoa
@CveFindCom
3 Feb 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A421C69D-AB7C-4DC3-B02E-150D6EA2862D",
            "versionEndExcluding": "3.2.12"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]