CVE-2025-53937

WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.4.5 fixes the issue.

INFO

Published Date :

2025-07-16T16:03:15.150Z

Last Modified :

2025-07-16T16:03:15.150Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-53937 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53937.

URL	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-j3qv-v3m7-73pj

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability