CNNVD-202512-1742 Information

CNNVD ID

CNNVD-202512-1742

Related CVE

CVE-2025-67501

• CNNVD Published: 2025-12-10

Description (Chinese)

WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.5.4及之前版本存在SQL注入漏洞，该漏洞源于id_categoria参数验证不足，可能导致SQL注入攻击。

Description (English)

WeGIA is the network manager of a welfare institution of the Nelson Lazarin personal developer. WeGIA 3.5.4 and previous versions have an injection loophole in SQL, which stems from inadequate verification of id categoria parameters, which could lead to an attack on SQL.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.5.5 https://github.com/LabRedesCefetRJ/WeGIA/commit/f04b91f584a38c2061a071b26219dba3f25819e6 https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-hj2x-qfm3-2869 https://access.redhat.com/security/cve/cve-2025-67501

Patch

https://github.com/JMRI/JMRI/releases