CVE-2025-23219 in WeGIAinformation

Résumé

par MITRE • 20/01/2025

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub M

Réserver

13/01/2025

Divulgation

20/01/2025

Modérer

accepté

Entrée

VDB-292631

CPE

prêt

CWE

CWE-89 (confirmé)

CVSS

9.8 (NVD)

EPSS

0.00483

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-23219
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-23219
CVE Details	https://www.cvedetails.com/cve/CVE-2025-23219/

◂ Précédent Aperçu Suivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!