AI description
CVE-2025-26617 is a SQL injection vulnerability found in the WeGIA web application, an open-source web manager for institutions. Specifically, the vulnerability exists in the `historico_paciente.php` endpoint. Successful exploitation allows attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive data managed by the application. The vulnerability has been addressed in WeGIA version 3.2.14. Users are strongly encouraged to update to this version to mitigate the risk.
- Description: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source: security-advisories@github.com
- NVD status: Received
CVSS 4.0
- Type: Secondary
- Base score: 10
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- security-advisories@github.com: CWE-89
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 3
CVE-2025-26617 SQL Injection in WeGIA Web Manager Vulnerability in historico_paciente.php Endpoint https://t.co/j2Z1cLGpCp
@VulmonFeeds
18 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,
@DarkWebInformer
18 Feb 2025
6763 Impressions
16 Retweets
53 Likes
10 Bookmarks
2 Replies
1 Quote
🚨 Critical Security Vulnerability 🆔 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617 💣 CVSS Score: 9.4, 10, 10, 10, 10,
@DarkWebInformer
18 Feb 2025
417 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-26617: CRITICAL] SQL Injection vulnerability discovered in WeGIA Web Manager for Institutions at `historico_paciente.php` endpoint allows unauthorized access to data. Upgrade to version 3.2.14 to fix. #cybersecurity, #vulnerability https://t.co/WG0i8I9XwJ https://t.co/6PZ
@CveFindCom
18 Feb 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26617 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application,… https://t.co/dOkXDzTn55
@CVEnew
18 Feb 2025
297 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes