Описание
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_fichamedica parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8.
Ссылки
- Broken Link
- Issue TrackingMitigation
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.8 (исключая)
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
EPSS
Процентиль: 16%
0.00052
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89