PT-2025-29866 · Wegia · Wegia

Marcelomulder · Published 2025-07-11 · Updated 2025-07-25 · CVE-2025-53937

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.4.5

Description

WeGIA is an open-source web manager designed for Portuguese-language and charitable institutions. A SQL Injection issue exists in the /controle/control.php API endpoint, specifically through the cargo parameter. This allows attackers to execute arbitrary SQL commands, potentially compromising the database's confidentiality, integrity, and availability.

Recommendations

Update to WeGIA version 3.4.5 or later.

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-09271
CVE-2025-53937
GHSA-J3QV-V3M7-73PJ

Affected Products

Wegia