Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-53527

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. This vulnerability is fixed in 3.4.1.

Published

2025-07-07T17:15:29.860

Last Modified

2025-07-10T21:16:47.187

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wegia	wegia	3.3.3	Yes

References

https://github.com/LabRedesCefetRJ/WeGIA/commit/9de9a741d1d26ae76b2215a32660817d9bd452aa Patch ([email protected])
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-43xw-c4g6-jgff Exploit, Vendor Advisory ([email protected])
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-43xw-c4g6-jgff Exploit, Vendor Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)