CVE-2025-46828

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-46828

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46828.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-46828

Aliases

GHSA-5qw5-q55h-6qg7

Published

2025-05-07T18:15:43Z

Modified

2025-05-19T10:29:22.738343Z

Summary

[none]

Details

WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint /html/socio/sistema/get_socios.php, specifically in the query parameter. This issue allows attackers to inject and execute arbitrary SQL statements against the application's underlying database. As a result, it may lead to data exfiltration, authentication bypass, or complete database compromise. Version 3.3.1 fixes the issue.

References

Affected packages

Git / github.com/labredescefetrj/wegia

Affected ranges

Type: GIT
Repo: https://github.com/labredescefetrj/wegia
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

214dab59509bd3637f94adf381298c12da4ff80f

Affected versions

0.*

0.9.4-beta

3.*

3.3.0

v1.*

v1.0

v2.*

v2.0

v2.0-beta

v3.*

v3.0

v3.1

v3.2.0

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.14

v3.2.15

v3.2.16

v3.2.17

v3.2.6

v3.2.7

v3.2.8

v3.2.9