Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2025-22140

Jan. 8, 2025, 8:15 p.m.

Tags

security-advisories@github.com
CWE-89
2025-01-08
CVE-2025-22140

Product(s) Impacted

WeGIA

  • 3.2.8

Description

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.

Weaknesses

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CWE ID: 89

Date

Published: Jan. 8, 2025, 7:15 p.m.

Last Modified: Jan. 8, 2025, 8:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
https://github.com/ 134c704f-9b21-4f2e-91b3-4a467353bcc0