PT-2025-4377 · Wegia · Wegia

Lislovelly +1 · Published 2025-01-08 · Updated 2025-01-08 · CVE-2025-22141

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

WeGIA versions prior to 3.2.8

Description

A SQL Injection vulnerability was identified in the "/dao/verificar recursos cargo.php" endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database.

Recommendations

For versions prior to 3.2.8, update to version 3.2.8 to resolve the issue. As a temporary workaround, consider restricting access to the "/dao/verificar recursos cargo.php" endpoint until the update is applied. Avoid using the cargo parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-22141
GHSA-W7HP-2W2C-P636

Affected Products

Wegia