CVE-2025-24905

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-24905

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24905.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24905

Aliases

GHSA-qjc6-5qv6-fr8m

Published

2025-02-03T22:15:28Z

Modified

2025-02-21T01:59:26.523461Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, get_codigobarras_cobranca.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m

Affected packages

Git / github.com/labredescefetrj/wegia

Affected ranges

Type: GIT
Repo: https://github.com/labredescefetrj/wegia
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

59d463f509872a27671d88d6a8b6794598097076

Affected versions

0.*

0.9.4-beta

v1.*

v1.0

v2.*

v2.0

v2.0-beta

v3.*

v3.0

v3.1

v3.2.0

v3.2.10

v3.2.11

v3.2.6

v3.2.7

v3.2.8

v3.2.9