CVE-2025-23219

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.10

Description A SQL Injection vulnerability was identified in the WeGIA application, specifically in the "adicionar cor.php" endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw.

Recommendations For versions prior to 3.2.10, upgrade to version 3.2.10 to fix the issue. As a temporary workaround, consider restricting access to the "adicionar cor.php" endpoint until the issue is resolved.