CVE-2025-53937 Information

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the /controle/control.php endpoint, specifically in the cargo parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.4.5 fixes the issue.

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-j3qv-v3m7-73pj

CNNVD-202507-2253 (Published: 2025-07-16)
