CVE-2025-23218

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.10

Description WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the "adicionar especie.php" endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw.

Recommendations For versions prior to 3.2.10, update to version 3.2.10 to patch the flaw and protect sensitive data. As a temporary workaround, consider restricting access to the "adicionar especie.php" endpoint until the issue is resolved.