CVE-2025-52474

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.4.2

Description A SQL Injection issue was identified in the id parameter of the "/WeGIA/controle/control.php" endpoint, allowing attackers to manipulate SQL queries and access sensitive database information, such as table names and sensitive data.

Recommendations For versions prior to 3.4.2, update to version 3.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the "/WeGIA/controle/control.php" endpoint to minimize the risk of exploitation. Avoid using the id parameter in the affected endpoint until the issue is resolved.