CVE-2025-30367

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.6

Description A SQL Injection issue was identified in the nextPage parameter of the "/WeGIA/controle/control.php" endpoint. This issue allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data.

Recommendations For versions prior to 3.2.6, update to version 3.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the "/WeGIA/controle/control.php" endpoint until the update is applied. Avoid using the nextPage parameter in the affected endpoint until the issue is resolved.