AI description
CVE-2025-26614 refers to a SQL injection vulnerability found in the WeGIA web application, an open-source platform designed for institutional management and geared towards Portuguese-speaking users. The vulnerability exists within the `deletar_documento.php` endpoint, allowing authenticated attackers to execute arbitrary SQL queries. This could potentially grant unauthorized access to sensitive information stored within the application's database. The issue has been addressed in version 3.2.14. WeGIA users are strongly encouraged to update their systems to version 3.2.14 or later to mitigate this vulnerability. While CVE-2025-26614 specifically pertains to the `deletar_documento.php` endpoint, it's worth noting that other vulnerabilities have been reported in WeGIA, including a SQL injection vulnerability in `familiar_docfamiliar.php` and a path traversal vulnerability in `exportar_dump.php`. These vulnerabilities highlight the importance of staying up-to-date with the latest security patches and best practices.
- Description
- WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the `deletar_documento.php` endpoint of the WeGIA application. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 9.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-89
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,
@DarkWebInformer
18 Feb 2025
6763 Impressions
16 Retweets
53 Likes
10 Bookmarks
2 Replies
1 Quote
[CVE-2025-26614: CRITICAL] SQL Injection vulnerability discovered in WeGIA web app. Upgrade to version 3.2.14 to fix the issue. Attackers can execute SQL queries, access sensitive data. No workarounds available. #cybersecurity, #vulnerability https://t.co/Xj1PjmVSrD https://t.co/xa
@CveFindCom
18 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26614 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application,… https://t.co/F3nUJeEYaS
@CVEnew
18 Feb 2025
333 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes