CVE-2025-26607: SQL Injection endpoint 'documento_excluir.php' parameter 'id_funcionario' in WeGIA
First published: Tue Feb 18 2025(Updated: )
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `documento_excluir.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wegia Wegia | <3.2.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-26607?
CVE-2025-26607 is classified as a high severity SQL Injection vulnerability.
How do I fix CVE-2025-26607?
To fix CVE-2025-26607, update the WeGIA application to version 3.2.14 or later.
What software is affected by CVE-2025-26607?
CVE-2025-26607 affects WeGIA versions up to and including 3.2.13.
What type of vulnerability is CVE-2025-26607?
CVE-2025-26607 is a SQL Injection vulnerability that allows execution of arbitrary SQL queries.
Where is the vulnerable endpoint for CVE-2025-26607 located?
The vulnerable endpoint for CVE-2025-26607 is located in 'documento_excluir.php' of the WeGIA application.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/wegia
- canonical/wegia wegia