← voltar
CVE-2025-61603

WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter

CVSS 9.4 CRITICALEPSS 0.4%CWE-89
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
02 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Produtos afetados
LabRedesCefetRJ · WeGIA

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/LabRedesCefetRJ/WeGIA/commit/84958eed73741a544859eea297908db3b83b3833https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v8hm-pq8g-c7j4