Описание
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.
Ссылки
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.8 (исключая)
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00317
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
EPSS
Процентиль: 54%
0.00317
Низкий
8.8 High
CVSS3
Дефекты
CWE-89