CVE-2025-26610

9.8 CRITICAL

📋 TL;DR

A SQL injection vulnerability in WeGIA's restaurar_produto_desocultar.php endpoint allows authenticated attackers to execute arbitrary SQL queries. This can lead to unauthorized access to sensitive database information including user credentials and institutional data. All WeGIA installations before version 3.2.13 are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.2.13
Operating Systems: All platforms running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to exploit. The software is Portuguese-language focused, but the vulnerability affects all installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, privilege escalation, and potential system takeover via SQL commands that modify or delete critical data.

🟠 Likely Case

Unauthorized access to sensitive information including user credentials, personal data, and institutional records stored in the database.

🟢 If Mitigated

Limited impact if proper input validation and parameterized queries are implemented, with database permissions restricted to prevent data modification.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly exploited. Requires authenticated access but exploitation is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.13

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6p7c-9hcx-jpqj

Restart Required: No

Instructions:

1. Backup current installation and database.
2. Download WeGIA version 3.2.13 from the official repository.
3. Replace affected files with the patched version.
4. Verify functionality after update.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with SQL injection rules
  • Restrict database user permissions to read-only for application accounts

🔍 How to Verify

Check if Vulnerable:

Check whether restaurar_produto_desocultar.php exists in the WeGIA installation and review the version number.

Check Version:

Check the WeGIA version in the admin panel, or review application files for version markers.

Verify Fix Applied:

Verify the version is 3.2.13 or later, then test the endpoint with SQL injection test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed authentication attempts followed by SQL-like patterns in requests

Network Indicators:

  • SQL keywords in HTTP POST parameters to restaurar_produto_desocultar.php
  • Unusual database connection patterns

SIEM Query:

source="wegia_logs" AND ("SELECT" OR "UNION" OR "INSERT" OR "UPDATE" OR "DELETE") AND "restaurar_produto_desocultar.php"
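As an added example that is not part of this advisory, the following Python applies the logic of the SIEM query above (the endpoint name plus the five SQL keywords) to web-server access log lines, URL-decoding the query string first so encoded payloads are not missed. The `/wegia/` path prefix and the `id` parameter in the constructed sample lines are assumptions; POST bodies, which the network indicator mentions, do not appear in standard access logs and would need application-level logging.

```python
import re
from urllib.parse import unquote_plus

# Endpoint named in the advisory; keywords mirror the SIEM query above.
ENDPOINT = "restaurar_produto_desocultar.php"
SQL_KEYWORDS = ("SELECT", "UNION", "INSERT", "UPDATE", "DELETE")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

def inspect_request(target):
    """Return the sorted SQL keywords found in the (decoded) query string when
    `target` hits the vulnerable endpoint; otherwise an empty list."""
    path, _, query = target.partition("?")
    if not path.endswith("/" + ENDPOINT):
        return []
    decoded = unquote_plus(query)  # 'UNION+SELECT' and 'UNION%20SELECT' both decode
    return sorted({m.group(1).upper() for m in KEYWORD_RE.finditer(decoded)})

def scan_access_log(lines):
    """Return a list of (client_ip, timestamp, keywords) for suspicious requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        keywords = inspect_request(m.group("target"))
        if keywords:
            hits.append((m.group("ip"), m.group("ts"), keywords))
    return hits

# Constructed sample lines (not real traffic): a benign request to the endpoint,
# a request to another page containing a stray keyword, and an injection-looking one.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "GET /wegia/restaurar_produto_desocultar.php?id=42 HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Mar/2025:12:00:02 +0000] "GET /wegia/busca.php?q=UNION+of+users HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Mar/2025:12:00:03 +0000] "GET /wegia/restaurar_produto_desocultar.php?id=42%27+UNION+SELECT+1,2,3--+- HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, ts, kws in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} -> {', '.join(kws)}")
```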
