exploitDog

CVE-2025-61603

Опубликовано: 02 окт. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.

Ссылки

https://github.com/LabRedesCefetRJ/WeGIA/commit/84958eed73741a544859eea297908db3b83b3833
Patch
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v8hm-pq8g-c7j4
Exploit
Vendor Advisory
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v8hm-pq8g-c7j4
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

Версия до 3.5.0 (исключая)

EPSS

Процентиль: 17%

0.00055

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

EPSS

Процентиль: 17%

0.00055

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89