CVE-2025-26606

9.8 CRITICAL

📋 TL;DR

A SQL injection vulnerability in WeGIA's informacao_adicional.php endpoint allows attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive database information. All WeGIA users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.2.13
Operating Systems: Any OS running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the informacao_adicional.php endpoint specifically

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including exfiltration of all sensitive data, authentication bypass, and potential remote code execution through database functions.

🟠 Likely Case

Data theft of sensitive information stored in the database, including user credentials, personal information, and institutional data.

🟢 If Mitigated

Limited impact if proper input validation and WAF rules are in place, though SQL injection could still bypass some controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly exploited, and automated tooling exists for exploiting them.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.13

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rxjr-cw9q-cwwg

Restart Required: Yes

Instructions:

1. Backup your current WeGIA installation and database
2. Download WeGIA version 3.2.13 or later from the official repository
3. Replace the existing installation with the updated version
4. Restart the web server service

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with SQL injection rules
  • Restrict access to the informacao_adicional.php endpoint using network controls

🔍 How to Verify

Check if Vulnerable:

Check whether informacao_adicional.php exists in your WeGIA installation and examine its code for proper input sanitization.

Check Version:

Check the WeGIA version in the application interface or configuration files.

Verify Fix Applied:

Verify that the version is 3.2.13 or higher, and test the informacao_adicional.php endpoint with SQL injection test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in web server logs
  • Multiple requests to informacao_adicional.php with SQL keywords in parameters

Network Indicators:

  • HTTP requests containing SQL injection patterns targeting the vulnerable endpoint

SIEM Query:

web.url:*informacao_adicional.php* AND (web.query:*UNION* OR web.query:*SELECT* OR web.query:*INSERT* OR web.query:*UPDATE* OR web.query:*DELETE*)
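The log and network indicators above, turned into runnable detection logic as an added example (this is not WeGIA's code and is not part of the original advisory). It parses a few constructed web server log lines, URL-decodes each query string so percent-encoded and `+`-encoded payloads are inspected in decoded form, flags requests whose path ends in informacao_adicional.php and whose decoded query contains any of the SQL keywords listed in the SIEM query, and then counts flagged requests per source address to surface the "multiple requests" indicator. The combined log format, the `/wegia/` directory prefix in the sample paths, the sample addresses and the two-request threshold are all assumptions.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Apache/nginx "combined" log format (assumed; not
# real WeGIA logs). The /wegia/ directory prefix is a placeholder: only the
# script basename informacao_adicional.php comes from the advisory.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Feb/2025:12:00:01 +0000] "GET /wegia/informacao_adicional.php?id=12 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2025:12:00:02 +0000] "GET /wegia/informacao_adicional.php?id=12%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 412 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Feb/2025:12:00:03 +0000] "GET /wegia/informacao_adicional.php?id=12+union+all+select+null,null-- HTTP/1.1" 500 412 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2025:12:00:04 +0000] "GET /wegia/informacao_adicional.php?id=13 HTTP/1.1" 200 1499 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2025:12:00:05 +0000] "GET /wegia/index.php?q=select+a+report HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
"""

TARGET_SCRIPT = "informacao_adicional.php"
# Keyword list taken from the advisory's SIEM query; matched case-insensitively
# on whole words so that e.g. "selection" in ordinary text is not flagged.
SQL_KEYWORDS = ("union", "select", "insert", "update", "delete")
KEYWORD_RE = re.compile(r"\b(?:" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Combined log format (assumed): client - - [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # Decode percent-escapes and '+' so encoded payloads (%27, %20, +) are
    # compared in the form the application (and its database) would see.
    rec["query"] = unquote_plus(parts.query)
    rec["status"] = int(rec["status"])
    return rec


def is_suspicious(rec):
    """True when the request targets the advisory's endpoint with SQL keywords in the query."""
    if posixpath.basename(rec["path"]) != TARGET_SCRIPT:
        return False
    return KEYWORD_RE.search(rec["query"]) is not None


def scan_log(text, threshold=2):
    """Return (flagged records, source addresses with >= threshold flagged requests)."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_suspicious(rec):
            hits.append(rec)
    per_ip = Counter(rec["ip"] for rec in hits)
    repeat_sources = {ip for ip, n in per_ip.items() if n >= threshold}
    return hits, repeat_sources


if __name__ == "__main__":
    flagged, repeat_sources = scan_log(SAMPLE_LOG)
    for rec in flagged:
        print(f"{rec['ts']} {rec['ip']} status={rec['status']} query={rec['query']!r}")
    print("sources with repeated hits:", sorted(repeat_sources))
```

On the sample input, only the two requests from 203.0.113.10 are flagged, and both returned HTTP 500, which is the "unusual SQL error messages" indicator showing up in the status column; the request to index.php is ignored even though it contains `select`, because the rule is scoped to the vulnerable endpoint as in the SIEM query. Whole-word keyword matching on a single decoding pass is a coarse filter: payloads that are double-encoded or broken up with inline comments would not match, so treat this as a triage rule to tune rather than a complete signature.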
