CVE-2025-26609

Published Feb 18, 2025

Last updated 4 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-26609 is a SQL injection vulnerability found in the WeGIA web application. The vulnerability exists within the `familiar_docfamiliar.php` endpoint, enabling attackers to execute arbitrary SQL queries. Successful exploitation could allow unauthorized access, modification, or deletion of sensitive data within the application's database. WeGIA is an open-source web management application geared towards Portuguese-speaking users. The vulnerability has been addressed in version 3.2.14. Users are strongly encouraged to update to this version to mitigate the risk. Currently, there are no known workarounds available.

Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: security-advisories@github.com
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 10
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-89

Social media

Hype score: Not currently trending