Wegia · Wegia · CVE-2025-24901
Name of the Vulnerable Software and Affected Versions:
WeGIA versions prior to 3.2.12
Description:
A SQL injection vulnerability was discovered in the `deletar permissao.php` endpoint of the WeGIA application. This issue could allow an authorized attacker to execute arbitrary SQL queries and thereby access or delete sensitive information.
Recommendations:
For versions prior to 3.2.12, update to version 3.2.12 to resolve the issue.
As a temporary workaround, consider restricting access to the `deletar permissao.php` endpoint until the update is applied.