CVE-2025-23219
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-23219
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23219.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-23219
- Aliases
-
- GHSA-h2mg-4c7q-w69v
- Published
- 2025-01-20T15:47:39.681Z
- Modified
- 2025-12-05T08:52:27.248357Z
- Severity
-
- 10.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'
- Details
-
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23219.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23219.json
- https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h2mg-4c7q-w69v
- https://nvd.nist.gov/vuln/detail/CVE-2025-23219