CVE-2025-24902
📋 TL;DR
A SQL injection vulnerability in WeGIA's salvar_cargo.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This could lead to data theft, modification, or deletion of sensitive information in charitable institution databases. All WeGIA installations before version 3.2.12 are affected.
💻 Affected Systems
- WeGIA Web Manager for Charitable Institutions
📦 What is this software?
Wegia by Wegia
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including exfiltration of sensitive donor/beneficiary data, financial records, and administrative credentials, potentially leading to data destruction or ransomware deployment.
Likely Case
Unauthorized access to sensitive personal information, modification of institutional records, and potential privilege escalation within the application.
If Mitigated
Limited impact due to proper input validation, parameterized queries, and database permission restrictions that prevent data exfiltration or system compromise.
🎯 Exploit Status
Exploitation requires authenticated access to the WeGIA application and knowledge of SQL injection techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.12
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pg73-w9vx-8mgp
Restart Required: No
Instructions:
1. Backup your WeGIA database and application files.
2. Download WeGIA version 3.2.12 from the official repository.
3. Replace existing WeGIA files with the patched version.
4. Verify the salvar_cargo.php endpoint now uses parameterized queries.
🔧 Temporary Workarounds
No official workarounds
The vendor states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with SQL injection detection rules
- Restrict network access to WeGIA application to authorized users only
🔍 How to Verify
Check if Vulnerable:
Check if your WeGIA version is below 3.2.12 by examining the application version in the admin interface or checking the source code for vulnerable salvar_cargo.php patterns.
Check Version:
Check the WeGIA admin panel or examine the application configuration files for version information.
Verify Fix Applied:
Verify the salvar_cargo.php file in version 3.2.12 uses parameterized queries and proper input validation by reviewing the patched code in the GitHub commit.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL query patterns in database logs
- Multiple failed login attempts followed by salvar_cargo.php access
- Unexpected database schema changes or data exports
Network Indicators:
- Unusual traffic patterns to salvar_cargo.php endpoint
- SQL error messages in HTTP responses
- Suspicious parameter values in POST requests
SIEM Query:
source="web_logs" AND (uri="/salvar_cargo.php" AND (param="*' OR *" OR param="*;--*" OR param="*UNION*"))
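The SIEM query above expressed as runnable detection logic, as an added example that is not part of the original advisory. It assumes the log pipeline emits one JSON event per request with the decoded POST parameters (the `param` field the query relies on); the log lines are constructed, not real WeGIA traffic. It also shows why the literal `*UNION*` pattern needs tuning: a job-title field such as `cargo` will legitimately contain that word.

```python
import json
import re

# Constructed sample web-log events (not real WeGIA logs): one JSON object per line,
# carrying the request URI and the already-decoded POST parameters.
SAMPLE_LOGS = """\
{"ts":"2025-01-10T09:12:01Z","src":"10.0.0.5","uri":"/salvar_cargo.php","params":{"cargo":"Coordenador"}}
{"ts":"2025-01-10T09:12:44Z","src":"10.0.0.9","uri":"/salvar_cargo.php","params":{"cargo":"x' OR 1=1;--"}}
{"ts":"2025-01-10T09:13:02Z","src":"10.0.0.9","uri":"/salvar_cargo.php","params":{"cargo":"a' UNION SELECT 1,2,3--"}}
{"ts":"2025-01-10T09:14:10Z","src":"10.0.0.7","uri":"/index.php","params":{"q":"' OR 1=1"}}
{"ts":"2025-01-10T09:15:00Z","src":"10.0.0.5","uri":"/salvar_cargo.php","params":{"cargo":"Union Steward"}}
"""

TARGET_URI = "/salvar_cargo.php"

# The three wildcard patterns from the SIEM query, as case-insensitive regexes.
PAGE_RULES = {
    "quote_or": re.compile(r"' OR ", re.I),
    "comment":  re.compile(r";--"),
    "union":    re.compile(r"UNION", re.I),
}

# Tighter variants that cut the noise: a bare "UNION" also matches ordinary job titles,
# so require the SQL form "UNION [ALL] SELECT", and require a comparison after "' OR".
TUNED_RULES = {
    "quote_or": re.compile(r"'\s*OR\s+\S+\s*=", re.I),
    "comment":  re.compile(r";\s*--"),
    "union":    re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
}

def find_hits(log_text, rules):
    """Return (ts, src, param name, rule name) for each event on TARGET_URI whose
    parameter value matches any rule. Malformed lines are skipped, not fatal."""
    hits = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("uri") != TARGET_URI:
            continue
        for name, value in ev.get("params", {}).items():
            for rule_name, rx in rules.items():
                if rx.search(str(value)):
                    hits.append((ev["ts"], ev["src"], name, rule_name))
                    break  # one alert per parameter is enough
    return hits
```

With PAGE_RULES the benign "Union Steward" event is flagged alongside the two injection attempts; TUNED_RULES keeps only the two requests from 10.0.0.9.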