CVE-2025-24901
📋 TL;DR
A SQL injection vulnerability in WeGIA's deletar_permissao.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This could lead to data theft, modification, or deletion of sensitive charity information. All WeGIA installations before version 3.2.12 are affected.
💻 Affected Systems
- WeGIA (Web Manager for Charitable Institutions)
📦 What is this software?
Wegia by Wegia
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including exfiltration of donor data, financial records, beneficiary information, and potential destruction of all application data.
Likely Case
Unauthorized access to sensitive personal information (PII) of donors and beneficiaries, modification of permissions, and potential privilege escalation.
If Mitigated
Limited impact due to network segmentation, minimal database privileges, and proper input validation at other layers.
🎯 Exploit Status
Exploitation requires authenticated access and SQL injection knowledge. No public exploit code is available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.12
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc
Restart Required: No
Instructions:
1. Backup your current WeGIA installation and database.
2. Download version 3.2.12 from the official repository.
3. Replace the vulnerable deletar_permissao.php file with the patched version.
4. Verify the application functions correctly.
🔧 Temporary Workarounds
No official workarounds
The vendor states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Implement strict network access controls to limit access to WeGIA application only to authorized users
- Enable detailed SQL query logging and monitor for suspicious database activity patterns
🔍 How to Verify
Check if Vulnerable:
Check if deletar_permissao.php exists in your WeGIA installation and examine the code for lack of prepared statements/parameterized queries.
Check Version:
Check the WeGIA admin dashboard or examine version files in the installation directory.
Verify Fix Applied:
Verify the version number in WeGIA's admin interface shows 3.2.12 or higher, and check that deletar_permissao.php uses parameterized queries.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed permission deletion attempts
- SQL syntax errors in application logs
Network Indicators:
- Unusual patterns of requests to deletar_permissao.php endpoint
- SQL keywords in HTTP POST parameters
SIEM Query:
source="web_logs" AND uri="*deletar_permissao.php*" AND (param="*SELECT*" OR param="*UNION*" OR param="*DELETE*" OR param="*DROP*")
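As an added example (not part of this advisory or of the WeGIA project), the following Python applies the SIEM query logic above to a few constructed log lines; the key=value log format, the URI path and the parameter name id_permissao are assumptions. It goes slightly beyond the literal query by matching the SQL keywords on word boundaries, so ordinary words such as "deleted" in a free-text field do not fire.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (not real WeGIA logs). Each line carries the decoded
# POST body in the "param" field, which is what the advisory's SIEM query assumes.
# The path and the id_permissao parameter name are hypothetical.
SAMPLE_LOGS = [
    'ts=2025-01-10T10:00:01Z src=10.0.0.5 method=POST uri=/deletar_permissao.php param="id_permissao=17"',
    'ts=2025-01-10T10:00:02Z src=10.0.0.5 method=POST uri=/deletar_permissao.php param="id_permissao=17 UNION SELECT 1,2,3"',
    'ts=2025-01-10T10:00:03Z src=10.0.0.9 method=POST uri=/deletar_permissao.php param="id_permissao=17; DROP TABLE permissao"',
    'ts=2025-01-10T10:00:04Z src=10.0.0.7 method=POST uri=/deletar_permissao.php param="comentario=record deleted by admin"',
    'ts=2025-01-10T10:00:05Z src=10.0.0.7 method=GET uri=/index.php param=""',
]

# key=value tokens; a value is either a double-quoted string or a run of non-spaces.
LINE_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
SQL_KEYWORDS = ("SELECT", "UNION", "DELETE", "DROP")
# Word-boundary match so "deleted" or "unions" inside ordinary text does not fire.
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in LINE_RE.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    return fields


def naive_substring_match(fields):
    """Literal wildcard form of the SIEM query (*SELECT*, *UNION*, ...): it also fires
    on ordinary words such as "deleted", which is the false positive to expect with it."""
    if "deletar_permissao.php" not in fields.get("uri", ""):
        return False
    params = fields.get("param", "").upper()
    return any(keyword in params for keyword in SQL_KEYWORDS)


def matches_siem_query(fields):
    """Same condition as the advisory's query, but URL-decoded and keyword-bounded."""
    if "deletar_permissao.php" not in fields.get("uri", ""):
        return False
    params = unquote_plus(fields.get("param", ""))  # decode %20 / + before matching
    return KEYWORD_RE.search(params) is not None


def find_suspicious(lines):
    """Return (timestamp, source, keyword) for every line the query would flag."""
    hits = []
    for line in lines:
        fields = parse_line(line)
        if matches_siem_query(fields):
            keyword = KEYWORD_RE.search(unquote_plus(fields["param"])).group(1).upper()
            hits.append((fields.get("ts"), fields.get("src"), keyword))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOGS):
        print("suspicious request to deletar_permissao.php:", hit)
```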