CVE-2025-23219 CRITICAL

CVE-2025-23219: WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'

Vendor Labredescefetrj

Product WeGIA

Weakness CWE-89 · SQLi

Published January 20, 2025

Last update February 18, 2025

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.

Key dates

02Disclosure timeline

January 20, 2025 CVE published

February 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-23219 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2025-23219: WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'

01Description

02Disclosure timeline

03References

04Related CVE