CVE-2025-26608

9.8 CRITICAL

📋 TL;DR

A SQL injection vulnerability in WeGIA's dependente_docdependente.php endpoint allows an unauthenticated attacker to execute arbitrary SQL queries against the application's database. This can expose sensitive database contents to anyone who can reach the endpoint. All WeGIA installations running versions before 3.2.13 are affected; upgrade to 3.2.13 or later.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.2.13
Operating Systems: All platforms running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the dependente_docdependente.php endpoint specifically

📦 What is this software?

WeGIA is an open-source, PHP-based web management system for charitable institutions, developed by LabRedesCefetRJ and published on GitHub.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise, including exfiltration of all sensitive data, authentication bypass, privilege escalation and, where the database account holds file-write or similar privileges, potential remote code execution on the host.

🟠 Likely Case

Unauthorized read access to sensitive user data and configuration information, with a realistic chance of authentication bypass via injected queries.

🟢 If Mitigated

Limited impact where the endpoint uses parameterized queries and input validation, and where the database account used by the application is restricted to the privileges it actually needs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No (none known at time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities in unauthenticated endpoints are typically easy to exploit with basic, widely available tooling (sqlmap and similar), so low complexity is the safe assumption.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.13

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-65h2-7484-2pww

Restart Required: Yes

Instructions:

1. Back up your current WeGIA installation and database.
2. Download WeGIA version 3.2.13 or later from the official repository.
3. Replace the existing installation with the updated version.
4. Restart the web server service.

🔧 Temporary Workarounds

No official workarounds

The vendor states there are no known workarounds for this vulnerability; upgrading to 3.2.13 or later is the only fix.

🧯 If You Can't Patch

  • Put a web application firewall (WAF) with SQL injection rules in front of the application; treat this as a stopgap only, since encoded or obfuscated payloads can evade signature rules
  • Restrict network access to the WeGIA application to trusted IP addresses only
  • Run WeGIA's database account with least privilege (no FILE or administrative rights, no access to other schemas) so that an injected query cannot reach beyond the application's own data

🔍 How to Verify

Check if Vulnerable:

Confirm that the installed WeGIA version is below 3.2.13. The presence of dependente_docdependente.php on its own is not a reliable indicator, since the endpoint is part of the application; the version determines exposure.

Check Version:

Check WeGIA configuration files or admin panel for version information

Verify Fix Applied:

Verify that the application version is 3.2.13 or higher. If you also test the dependente_docdependente.php endpoint with SQL injection payloads, do so only on systems you are authorized to test, preferably against a non-production copy.

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax error messages surfacing in web server or PHP error logs for requests to dependente_docdependente.php
  • Bursts of requests to dependente_docdependente.php from a single client with varying parameter values (typical of automated injection tooling)
  • Unexpected queries from the web application's database account, such as reads of information_schema or of tables the endpoint does not normally touch

Network Indicators:

  • HTTP requests to dependente_docdependente.php whose parameters contain SQL keywords or comment sequences (UNION, SELECT, OR 1=1, --, /*), including in URL-encoded form
  • Unusual database traffic patterns from the web server, such as larger-than-normal result sets or queries against unexpected tables

SIEM Query:

source="web_server" AND (uri="*dependente_docdependente.php*" AND (param="*SELECT*" OR param="*UNION*" OR param="*OR 1=1*"))

This query matches on raw parameter text, so it misses payloads that arrive percent-encoded (for example OR%201%3D1); URL-decode the parameters before matching, or add the encoded forms to the query.
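The following Python script is an added illustration of the detection logic behind the SIEM query; it is not code from this page or from the WeGIA project. It parses combined-format access log lines, URL-decodes each query parameter, and flags requests to dependente_docdependente.php whose parameters carry SQL injection markers, which catches the encoded payloads a raw string match would miss. The log lines are constructed samples; the /html/funcionario/ directory and the "id" parameter name are assumptions made for the sample, not facts this page establishes.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Endpoint named in the advisory; matched by path suffix so the install
# directory does not matter.
TARGET_ENDPOINT = "dependente_docdependente.php"

# Constructed sample lines in combined log format (NOT real traffic). The
# /html/funcionario/ directory and the "id" parameter name are assumptions.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2025:14:01:02 +0000] "GET /html/funcionario/dependente_docdependente.php?id=42 HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2025:14:01:09 +0000] "GET /html/funcionario/dependente_docdependente.php?id=42%27%20OR%201%3D1--%20 HTTP/1.1" 200 9912 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2025:14:02:15 +0000] "GET /html/funcionario/dependente_docdependente.php?id=42+UNION+SELECT+1,2,3-- HTTP/1.1" 500 312 "-" "curl/8.4.0"
198.51.100.7 - - [10/Feb/2025:14:03:00 +0000] "GET /html/index.php?msg=select+your+unit HTTP/1.1" 200 200 "-" "curl/8.4.0"
"""

# client - - [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Markers checked against the DECODED parameter value. Ordered from most to
# least specific so the first hit reported is the most telling one.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    re.compile(r"\bor\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I),  # OR 1=1, OR '1'='1
    re.compile(r"['\"]\s*(or|and)\b", re.I),                         # quote breakout, then boolean
    re.compile(r"\b(sleep|benchmark)\s*\(", re.I),                   # time-based probes
    re.compile(r"\binformation_schema\b", re.I),
    re.compile(r"(--|/\*)"),                                         # SQL comment sequences
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qsl percent-decodes values and turns '+' into spaces for us.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def sqli_hits(rec, endpoint=TARGET_ENDPOINT):
    """Return (param, decoded_value, pattern) for each suspicious parameter."""
    if not rec["path"].endswith(endpoint):
        return []
    hits = []
    for name, value in rec["params"]:
        # A second decode pass catches double-encoded payloads (%2527 -> %27 -> ').
        decoded = unquote_plus(value)
        for pat in SQLI_PATTERNS:
            if pat.search(decoded):
                hits.append((name, decoded, pat.pattern))
                break
    return hits


def scan_log(text):
    """Scan access-log text and return one alert per request with SQLi markers."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = sqli_hits(rec)
        if hits:
            alerts.append({
                "ts": rec["ts"],
                "ip": rec["ip"],
                "status": int(rec["status"]),
                "params": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} status={alert['status']} params={alert['params']}")
```

Run against the samples, the script flags the two injected requests (the percent-encoded OR 1=1 and the plus-encoded UNION SELECT) and ignores both the benign request to the endpoint and the SELECT keyword on an unrelated page. Access logs only record GET query strings, so parameters sent in a POST body need the web server's request-body logging or a WAF/reverse-proxy log to be visible to this kind of check.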

🔗 References

  • Vendor advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-65h2-7484-2pww
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-26608