PT-2025-7211 · Wegia · Wegia

L8Bl

Publicado

2025-02-16

Atualizado

2025-02-18

CVE-2025-26612

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.13

Description: A SQL Injection vulnerability was discovered in the WeGIA application, adicionar almoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information.

Recommendations: For versions prior to 3.2.13, upgrade to version 3.2.13 to address the SQL Injection vulnerability in the adicionar almoxarife.php endpoint. As a temporary workaround, consider restricting access to the adicionar almoxarife.php endpoint until the upgrade is applied.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

BDU:2025-09321

CVE-2025-26612

GHSA-9CWJ-P4X6-PP88

Produtos afetados

Wegia

PT-2025-7211 · Wegia · Wegia

CVE-2025-26612

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11