CVE-2025-30367

WeGIA SQL Injection Vulnerability in nextPage Parameter on control.php Endpoint

Description

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.2.6 contains a fix for the issue.

INFO

Published Date :

2025-03-27T16:30:34.283Z

Last Modified :

2025-03-27T18:40:10.011Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-30367 vulnerability.

Vendors	Products
Wegia	Wegia

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30367.

URL	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-7j9v-xgmm-h7wr

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact