CVE-2025-26605

8.8 HIGH

📋 TL;DR

A SQL injection vulnerability in WeGIA's deletar_cargo.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive database information. All WeGIA users running versions before 3.2.13 are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.2.13
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the deletar_cargo.php endpoint

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including exfiltration of all sensitive data, privilege escalation, and potential system takeover.

🟠 Likely Case

Unauthorized access to sensitive user data, organizational information, and potential data manipulation.

🟢 If Mitigated

Limited impact with proper input validation and database permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authentication, but SQL injection is a well-understood attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.13

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6gv7-4j8g-cvgp

Restart Required: No

Instructions:

1. Backup your current WeGIA installation and database.
2. Download WeGIA version 3.2.13 from the official repository.
3. Replace the vulnerable files with the patched version.
4. Verify the update was successful.

🔧 Temporary Workarounds

No official workarounds


The vendor states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries at the application layer
  • Restrict database user permissions to minimum required privileges

🔍 How to Verify

Check if Vulnerable:

Check whether deletar_cargo.php exists in your WeGIA installation and whether the installed version is below 3.2.13.

Check Version:

Check the WeGIA version in the application interface or configuration files.

Verify Fix Applied:

Verify that the version is 3.2.13 or higher and that deletar_cargo.php applies proper input validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by deletar_cargo.php access

Network Indicators:

  • Unusual patterns of requests to deletar_cargo.php endpoint

SIEM Query:

source="web_logs" AND uri="*deletar_cargo.php*" AND (query="*SELECT*" OR query="*UNION*" OR query="*OR 1=1*")

🔗 References
