Unrated severityNVD Advisory· Published Jul 7, 2025· Updated Jul 8, 2025
WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint
CVE-2025-53527
Description
WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. This vulnerability is fixed in 3.4.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >= 3.3.3, < 3.4.1
Patches
Vulnerability mechanics
References
2- github.com/LabRedesCefetRJ/WeGIA/commit/9de9a741d1d26ae76b2215a32660817d9bd452aamitrex_refsource_MISC
- github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-43xw-c4g6-jgffmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.