CVE-2025-26607

Published Feb 18, 2025

Last updated 4 days ago

CVSS critical 10.0

Overview

Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `documento_excluir.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
10
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-89

Social media

Hype score
Not currently trending

  1. CVE-2025-26607 SQL Injection in WeGIA Web Manager 3.2.12 Allows Unauthorized Database Access https://t.co/Q1MDVhAVCL

    @VulmonFeeds

    19 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    6763 Impressions

    16 Retweets

    53 Likes

    10 Bookmarks

    2 Replies

    1 Quote

  3. 🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,

    @DarkWebInformer

    18 Feb 2025

    417 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. CVE-2025-26607 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application,… https://t.co/acraa41Dwr

    @CVEnew

    18 Feb 2025

    215 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References