CVE-2025-53091

Name of the Vulnerable Software and Affected Versions: WeGIA version 3.3.3

Description: A Time-Based Blind SQL Injection issue was discovered in the /controle/getProdutosPorAlmox.php endpoint, specifically in the almox parameter. This allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration.

Recommendations: For version 3.3.3, update to version 3.4.0 to fix the issue. As a temporary workaround, consider restricting access to the /controle/getProdutosPorAlmox.php endpoint until the update is applied. Avoid using the almox parameter in the affected endpoint until the issue is resolved.