← volver
CVE-2025-22141

WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo'

CVSS 9.4 CRITICALEPSS 0.7%CWE-89
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.4EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Productos afectados
nilsonLazarin · WeGIA