Wegia · Wegia · CVE-2025-26614
Name of the Vulnerable Software and Affected Versions:
WeGIA versions prior to 3.2.14
Description:
A SQL Injection vulnerability was discovered in the WeGIA application, `deletar documento.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information.
Recommendations:
For versions prior to 3.2.14, upgrade to version 3.2.14 to address the issue. As a temporary workaround, consider restricting access to the `deletar documento.php` endpoint until the upgrade is applied. There are no known workarounds for this vulnerability.