CNNVD-202506-3575 Information

CNNVD ID

CNNVD-202506-3575

Related CVE

CVE-2025-53091

• CNNVD Published: 2025-06-27

Description (Chinese)

WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.3.3版本存在SQL注入漏洞，该漏洞源于/controle/getProdutosPorAlmox.php端点的almox参数存在基于时间的盲SQL注入，可能导致未经授权的数据访问。

Description (English)

WeGIA is the network manager of a welfare institution of the Nelson Lazarin personal developer. Version 3.3.3 of WeGIA has an injection loophole in SQL, which originates from the time-based, blind SQL injection of almox parameters at the /control/getProdutosPorAlmox.php endpoint, which may lead to unauthorized data access.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

Live Support

Published

2025-06-27

Last Modified

2026-02-24

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pmf9-2rc3-vvxx https://access.redhat.com/security/cve/cve-2025-53091

Patch

https://github.com/LabRedesCefetRJ/WeGIA/releases