- Description
- WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `restaurar_produto_desocultar.php` endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-89
- Hype score
- Not currently trending
🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,
@DarkWebInformer
18 Feb 2025
6763 Impressions
16 Retweets
53 Likes
10 Bookmarks
2 Replies
1 Quote
🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,
@DarkWebInformer
18 Feb 2025
417 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-26610 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application,… https://t.co/0nYytLfQax
@CVEnew
18 Feb 2025
301 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes