PT-2025-4858 · Wegia · Wegia

Lislovelly · Published 2025-01-20 · Updated 2025-01-21 · CVE-2025-23220

CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the vulnerable software and affected versions: WeGIA versions prior to 3.2.10

Description: A SQL injection vulnerability was identified in the WeGIA application, specifically in the adicionar raca.php endpoint. It allows attackers to execute arbitrary SQL commands against the database, giving unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, which highlights the severity of the flaw.

Recommendations: For versions prior to 3.2.10, update to version 3.2.10 to resolve the issue. As a temporary workaround, consider restricting access to the adicionar raca.php endpoint until the update is applied.
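The class of defect the advisory describes, as an added illustration that is not WeGIA's code: a hypothetical "add breed" handler that splices the request value into the INSERT text, beside a hardened version that uses a PDO prepared statement with a bound parameter. The table name, column name and function names are assumptions; the demo runs against an in-memory SQLite database so it is self-contained.

```php
<?php
// Added illustration, not WeGIA's code. Table/column names are assumed.

// Vulnerable pattern: the parameter becomes part of the SQL text, so the
// database parses caller-controlled input as part of the statement itself.
function adicionarRacaInseguro(PDO $pdo, string $descricao): int
{
    $sql = "INSERT INTO raca (descricao) VALUES ('" . $descricao . "')";
    $pdo->exec($sql);
    return (int) $pdo->lastInsertId();
}

// Hardened pattern: the statement text is fixed and the value travels as a
// bound parameter, so it can never alter the statement's structure.
function adicionarRacaSeguro(PDO $pdo, string $descricao): int
{
    $descricao = trim($descricao);
    if ($descricao === '' || mb_strlen($descricao) > 100) {
        throw new InvalidArgumentException('descricao invalida');
    }
    $stmt = $pdo->prepare('INSERT INTO raca (descricao) VALUES (:descricao)');
    $stmt->bindValue(':descricao', $descricao, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Constructed demonstration on an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE raca (id INTEGER PRIMARY KEY AUTOINCREMENT, descricao TEXT NOT NULL)');

// A single quote in the value is enough to show the difference: the unsafe
// version lets it terminate the string literal, the safe version stores it.
$entrada = "Poodle'";
try {
    adicionarRacaInseguro($pdo, $entrada);
    echo "unsafe version: statement accepted\n";
} catch (PDOException $e) {
    echo "unsafe version: input was parsed as SQL (" . $e->getMessage() . ")\n";
}
$id = adicionarRacaSeguro($pdo, $entrada);
echo "safe version: stored row $id with descricao = " . var_export($entrada, true) . "\n";
```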

Exploit

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2025-23220
GHSA-425J-H4CF-G52J

Affected products

Wegia