CVE-2025-59939

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.0

Description WeGIA, a Web manager for charitable institutions, contains a SQL Injection flaw. The issue affects the control.php endpoint, specifically through the id produto parameter. Exploitation can occur via malicious commands injected into the id produto parameter. The issue was addressed in version 3.5.0 through the implementation of prepared statements, sanitization, and validation of the id produto parameter.

Recommendations Update to version 3.5.0 or later. Apply prepared statements methods to the id produto parameter. Implement sanitization and validation on the id produto parameter.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-59939

GHSA-JX9M-PGF8-V489

Affected Products

Wegia

CVE-2025-59939

Weakness Enumeration

Related Identifiers

Affected Products

References · 10