CVE-2025-23220 in WeGIAinfo

Zusammenfassung

von MITRE • 20.01.2025

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

13.01.2025

Veröffentlichung

20.01.2025

Moderieren

akzeptiert

Eintrag

VDB-292629

CPE

bereit

CWE

CWE-89 (bestätigt)

CVSS

9.8 (NVD)

EPSS

0.00483

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-23220
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-23220
CVE Details	https://www.cvedetails.com/cve/CVE-2025-23220/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!