CVE-2025-52474

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-52474

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-52474.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-52474

Aliases

GHSA-rwvh-2gfh-wmcm

Published

2025-06-19T04:15:53Z

Modified

2025-07-02T16:45:31.907491Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. This issue has been patched in version 3.4.2.

References

Affected packages

Git / github.com/labredescefetrj/wegia

Affected ranges

Type: GIT
Repo: https://github.com/labredescefetrj/wegia
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b6fbb3e21b8d71e50afe0395dca44acdd1ca2e29

Affected versions

0.*

0.9.4-beta

3.*

3.3.0

3.3.1

3.3.2

3.3.3

3.4.0

3.4.1

v1.*

v1.0

v2.*

v2.0

v2.0-beta

v3.*

v3.0

v3.1

v3.2.0

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.14

v3.2.15

v3.2.16

v3.2.17

v3.2.6

v3.2.7

v3.2.8

v3.2.9