VYPR
Unrated severityNVD Advisory· Published Oct 2, 2025· Updated Oct 2, 2025

WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter

CVE-2025-61603

Description

WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.