CVE-2025-24905
📋 TL;DR
CVE-2025-24905 is a critical SQL injection vulnerability in WeGIA's get_codigobarras_cobranca.php endpoint that allows authenticated attackers to execute arbitrary SQL queries. This could lead to data theft, data manipulation, or complete database compromise. All WeGIA installations before version 3.2.12 are affected.
💻 Affected Systems
- WeGIA (Web Manager for Charitable Institutions)
📦 What is this software?
Wegia by Wegia
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including exfiltration of all sensitive data (donor information, financial records, personal data), data destruction, and potential system takeover via SQL injection chaining.
Likely Case
Unauthorized access to sensitive donor and financial data, data manipulation in charitable records, and potential privilege escalation within the application.
If Mitigated
Limited impact due to proper input validation, parameterized queries, and database user privilege restrictions.
🎯 Exploit Status
Requires authenticated access but SQL injection exploitation is typically straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.12
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m
Restart Required: No
Instructions:
1. Backup your current WeGIA installation and database. 2. Download WeGIA version 3.2.12 from the official repository. 3. Replace the vulnerable get_codigobarras_cobranca.php file with the patched version. 4. Verify the application functions correctly.
🔧 Temporary Workarounds
No official workarounds
allThe vendor states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries for all database interactions
- Restrict database user permissions to minimum required privileges and implement network segmentation
🔍 How to Verify
Check if Vulnerable:
Check if your WeGIA version is below 3.2.12 by examining the application version in the admin interface or checking the source code.Check Version:
Check WeGIA admin dashboard or examine application configuration files for version information.Verify Fix Applied:
Verify the application version shows 3.2.12 or higher in the admin interface and confirm the get_codigobarras_cobranca.php file has been updated.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL query patterns in database logs
- Multiple failed login attempts followed by access to get_codigobarras_cobranca.php
- Unexpected database schema changes or data access patterns
Network Indicators:
- Unusual traffic patterns to the vulnerable endpoint
- SQL error messages in HTTP responses
- Unexpected database connection attempts
SIEM Query:
source="web_logs" AND (uri="*get_codigobarras_cobranca.php*" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*" OR query="*DELETE*" OR query="*DROP*"))