PT-2025-28217 · WeGIA · WeGIA
Nmmorette · Published 2025-07-07 · Updated 2025-07-07
CVE-2025-53527
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.1
Description: A time-based blind SQL injection issue was discovered in the almox parameter of the "/controle/relatorio_geracao.php" endpoint. It allows an attacker to inject arbitrary SQL into the query built from that parameter, potentially leading to unauthorized data access or further exploitation, depending on the database configuration.
Recommendations: For versions prior to 3.4.1, update to version 3.4.1, which resolves the issue. As a temporary workaround, restrict access to the "/controle/relatorio_geracao.php" endpoint or limit use of the almox parameter to reduce the risk of exploitation.
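To make the bug class and its code-level fix concrete, here is an added example that is not WeGIA's code and is not taken from the advisory: a request handler that pastes the almox parameter into SQL text, next to one that validates it and binds it as a query parameter. The real endpoint is PHP, but the pattern is shown in Python with sqlite3 so it runs stand-alone; the almoxarifado table, its rows and the function names are assumptions made for this example.

```python
"""Vulnerable vs. hardened handling of a user-supplied 'almox' parameter.

Constructed demo: WeGIA is not involved. The table, columns and rows below
are assumptions made up for this example, and sqlite3 stands in for the
real database.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a constructed 'almoxarifado' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE almoxarifado (id INTEGER PRIMARY KEY, nome TEXT)")
    conn.executemany(
        "INSERT INTO almoxarifado (id, nome) VALUES (?, ?)",
        [(1, "Central"), (2, "Filial Norte"), (3, "Filial Sul")],
    )
    return conn


def report_vulnerable(conn: sqlite3.Connection, almox: str) -> list:
    """Vulnerable pattern: the request parameter is pasted into the SQL text.

    Whatever the client sends becomes part of the statement, so a value that
    is not a plain number changes the query's logic instead of being data.
    """
    sql = f"SELECT id, nome FROM almoxarifado WHERE id = {almox}"
    return conn.execute(sql).fetchall()


def report_hardened(conn: sqlite3.Connection, almox: str) -> list:
    """Hardened pattern: validate the type, then bind it as a parameter.

    The query text is fixed; the driver sends the value separately, so it can
    never be interpreted as SQL. Strict int() parsing also rejects anything
    that is not a warehouse id before the database is touched at all.
    """
    try:
        almox_id = int(almox)
    except ValueError:
        raise ValueError("almox must be an integer id") from None
    sql = "SELECT id, nome FROM almoxarifado WHERE id = ?"
    return conn.execute(sql, (almox_id,)).fetchall()


def demo() -> dict:
    """Run both handlers on a well-formed id and on a non-numeric value."""
    conn = make_db()
    good = "2"
    # Constructed non-id value: a tautology that widens the WHERE clause
    # when it is concatenated into the statement text.
    bad = "2 OR 1=1"
    results = {
        "vulnerable_good": report_vulnerable(conn, good),
        "vulnerable_bad": report_vulnerable(conn, bad),   # every row comes back
        "hardened_good": report_hardened(conn, good),
    }
    try:
        report_hardened(conn, bad)
        results["hardened_bad"] = "accepted"
    except ValueError:
        results["hardened_bad"] = "rejected"               # never reaches SQL
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened handler is the code-level counterpart of the advisory's interim workaround: restricting who can reach the endpoint limits exposure, while type validation plus parameter binding removes the injection surface itself. Parameter binding alone would already be sufficient for the SQL; the explicit int() check additionally gives the application a clean place to log and reject malformed requests.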

Exploit · Fix

SQL injection

Weakness Enumeration

Related Identifiers
CVE-2025-53527
GHSA-43XW-C4G6-JGFF

Affected Products
WeGIA