PT-2025-13385 · Wegia · Wegia

Nmmorette · Published 2025-03-27 · Updated 2025-04-10 · CVE-2025-30365

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.2.8

Description

A SQL Injection issue was identified in the "/WeGIA/html/socio/sistema/controller/query geracao auto.php" endpoint, specifically in the query parameter. This issue allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database.

Recommendations

For versions prior to 3.2.8, update to version 3.2.8 to resolve the issue. As a temporary workaround, consider restricting access to the "/WeGIA/html/socio/sistema/controller/query geracao auto.php" endpoint until the update is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-30365
GHSA-GHX8-H92J-H422

Affected Products

Wegia