Unrated severityNVD Advisory· Published Oct 2, 2025· Updated Oct 2, 2025
WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter
CVE-2025-61603
Description
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 3.5.0
Patches
Vulnerability mechanics
References
2- github.com/LabRedesCefetRJ/WeGIA/commit/84958eed73741a544859eea297908db3b83b3833mitrex_refsource_MISC
- github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-v8hm-pq8g-c7j4mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.