Описание
WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply prepared statements methods, sanitization, and validations on theid_produto parameter. This issue has been patched in version 3.5.0.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.0 (исключая)
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00059
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
EPSS
Процентиль: 18%
0.00059
Низкий
8.8 High
CVSS3
Дефекты
CWE-89