CVE-2025-24957

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in WeGIA's get_detalhes_socio.php endpoint allows authenticated attackers to execute arbitrary SQL queries. Attackers could read, modify, or delete sensitive database information including donor records, financial data, and personal information. All WeGIA installations before version 3.2.12 are affected.

💻 Affected Systems

Products:
  • WeGIA (Web Manager for Charitable Institutions)
Versions: All versions before 3.2.12
Operating Systems: Any OS running PHP and MySQL/MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authentication to exploit, but default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data destruction, or full system takeover by chaining the SQL injection into remote code execution.

🟠 Likely Case: Unauthorized access to sensitive donor information, financial records, and organizational data, with potential data exfiltration.

🟢 If Mitigated: Limited impact where input validation, parameterized queries, and restrictive database permissions are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized. Requires authenticated access but exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.12

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9

Restart Required: No

Instructions:

1. Back up your database and application files.
2. Download WeGIA version 3.2.12 from the official repository.
3. Replace the existing files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

No official workarounds

Vendor states no workarounds exist. Immediate patching is required.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate WeGIA from sensitive systems.
  • Deploy a web application firewall (WAF) with SQL injection protection rules.

🔍 How to Verify

Check if Vulnerable:

Check whether get_detalhes_socio.php exists in your WeGIA installation and confirm the installed version number.

Check Version:

grep -r 'version' WeGIA/configuration/

Alternatively, check the version shown in the admin dashboard.

Verify Fix Applied:

Verify version is 3.2.12 or later by checking the application version in admin panel or source files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in application logs
  • Multiple failed authentication attempts followed by SQL queries
  • Unusual database query patterns from application user

Network Indicators:

  • SQL syntax in HTTP POST/GET parameters to get_detalhes_socio.php
  • Unusual database connection patterns

SIEM Query:

source="wegia_logs" AND ("SQL syntax" OR ("get_detalhes_socio.php" AND ("UNION SELECT" OR "--" OR "' OR ")))
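As an added detection example (not part of this advisory or of the WeGIA project), the following Python script applies the network indicators above to web-server access logs: it URL-decodes the query string of every request to get_detalhes_socio.php and flags the UNION SELECT, comment-terminator and "' OR" patterns, plus server errors on that endpoint as a proxy for the "SQL syntax" log indicator. It assumes Apache/nginx combined log format and GET parameters (POST bodies are not in access logs); the directory prefix, the id_socio parameter name and the log lines themselves are constructed for the demo and not taken from the page.

```python
"""Scan access logs for SQL-injection indicators against get_detalhes_socio.php.

Added example; not the advisory's or WeGIA's own code.
Assumptions (not from the page): combined log format, indicators carried
in the GET query string, placeholder path prefix and parameter name.
"""
import re
from urllib.parse import urlsplit, unquote_plus

ENDPOINT = "get_detalhes_socio.php"  # file name named in the advisory

# Indicators from the advisory's SIEM query, matched on the decoded query
# string. "--" and "#" also occur in legitimate values, so treat a single
# hit as a lead to triage, not a verdict.
INDICATORS = {
    "union_select": re.compile(r"union\s+(?:all\s+)?select", re.I),
    "comment_terminator": re.compile(r"--|#|/\*"),
    "boolean_tautology": re.compile(r"'\s*or\s+", re.I),
}

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines. The /wegia/ prefix and id_socio parameter are
# placeholders, not the real deployment layout.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:13:01:02 +0000] '
    '"GET /wegia/get_detalhes_socio.php?id_socio=42 HTTP/1.1" 200 1843',
    '203.0.113.7 - - [10/Mar/2025:13:01:09 +0000] '
    '"GET /wegia/get_detalhes_socio.php?id_socio=42%27%20OR%201%3D1-- HTTP/1.1" 200 97211',
    '203.0.113.7 - - [10/Mar/2025:13:01:15 +0000] '
    '"GET /wegia/get_detalhes_socio.php?id_socio=42%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 512',
    '198.51.100.4 - - [10/Mar/2025:13:02:00 +0000] '
    '"GET /wegia/index.php HTTP/1.1" 200 3001',
]


def analyse_line(line):
    """Return an alert dict for a suspicious request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; ignore
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(ENDPOINT):
        return None  # other endpoint; out of scope for this rule
    query = unquote_plus(parts.query)  # decode %27, %20, '+' etc. before matching
    hits = [name for name, rx in INDICATORS.items() if rx.search(query)]
    status = int(m.group("status"))
    if not hits and status < 500:
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "status": status,
        "indicators": hits,
        "server_error": status >= 500,  # stand-in for "SQL syntax" errors in app logs
        "query": query,
    }


def scan(lines):
    """Run analyse_line over an iterable of log lines and keep the alerts."""
    return [a for a in (analyse_line(line) for line in lines) if a]


def alerts_per_source(alerts):
    """Count alerts by client IP; repeated hits from one source are the stronger signal."""
    counts = {}
    for a in alerts:
        counts[a["ip"]] = counts.get(a["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(a["ts"], a["ip"], a["status"], a["indicators"], a["query"])
    print("per source:", alerts_per_source(found))
```

Feed real logs with `scan(open("access.log"))`; the per-source count is what you would threshold on in a SIEM, since one request matching "--" is noise but several indicator hits from the same client against this endpoint are not.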
