PT-2025-20285 · Wegia · Wegia

Gabrielpintosouza +1 · Published 2025-05-07 · Updated 2025-07-02 · CVE-2025-46828

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions
WeGIA versions up to and including 3.3.0

Description
An unauthenticated SQL Injection issue was identified in the endpoint "/html/socio/sistema/get socios.php", specifically in the query parameter. This allows attackers to inject and execute arbitrary SQL statements against the application's underlying database, potentially leading to data exfiltration, authentication bypass, or complete database compromise.

Recommendations
For versions up to and including 3.3.0, update to version 3.3.1 to fix the issue. As a temporary workaround, consider restricting access to the vulnerable endpoint "/html/socio/sistema/get socios.php" until the update is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-46828
GHSA-5QW5-Q55H-6QG7

Affected Products

Wegia