CVE-2025-26612

9.8 CRITICAL

📋 TL;DR

CVE-2025-26612 is a critical SQL injection vulnerability in WeGIA's adicionar_almoxarife.php endpoint that allows attackers to execute arbitrary SQL queries. This could lead to unauthorized access to sensitive database information including user credentials, personal data, and system configurations. All WeGIA users running versions before 3.2.13 are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.2.13
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the adicionar_almoxarife.php endpoint specifically. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing data theft, privilege escalation, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized access to sensitive information including user credentials, personal data, and application configuration.

🟢 If Mitigated

Limited impact with proper input validation and database permission restrictions, but still potential for information disclosure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized. The advisory suggests exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.13

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-9cwj-p4x6-pp88

Restart Required: Yes

Instructions:

1. Back up your current WeGIA installation and database.
2. Download WeGIA version 3.2.13 from the official repository.
3. Replace the existing installation with the new version.
4. Restart the web server service.
5. Verify the application functions correctly.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with SQL injection detection rules.
  • Restrict network access to the WeGIA application to trusted IP addresses only.

🔍 How to Verify

Check if Vulnerable:

Check if your WeGIA version is below 3.2.13 by examining the application version in the admin interface or checking the source code.

Check Version:

Check the WeGIA admin dashboard or examine the application's configuration files for version information.

Verify Fix Applied:

Verify the application version shows 3.2.13 or higher in the admin interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts or unusual parameter values in web server logs for adicionar_almoxarife.php

Network Indicators:

  • HTTP requests to adicionar_almoxarife.php with SQL keywords in parameters
  • Unusual database connection patterns from the web server

SIEM Query:

source="web_server" AND uri="*adicionar_almoxarife.php*" AND (param="*SELECT*" OR param="*UNION*" OR param="*INSERT*" OR param="*DELETE*" OR param="*UPDATE*")
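
The SIEM query above only matches literal uppercase keywords, so a percent-encoded or mixed-case value passes it unnoticed. The Python below is an added example (not from the WeGIA project or the advisory) that applies the same keyword check to access-log lines after URL-decoding and case-folding; the log format, the parameter name `campo`, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "adicionar_almoxarife.php"
# Same keywords as the SIEM query, matched as whole words, case-insensitively.
SQL_KEYWORDS = re.compile(r"\b(select|union|insert|delete|update)\b", re.I)
# Client IP, request target and status of a common/combined-format log line
# (assumed format; adjust to your web server's log layout).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_requests(lines):
    """Return (client_ip, status, param, decoded_value) for flagged requests."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qsl percent-decodes each value and turns '+' into a space,
        # so encoded keywords are compared in their decoded form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_KEYWORDS.search(value):
                hits.append((ip, int(status), name, value))
    return hits

# Constructed sample lines; 'campo' is a hypothetical parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2025:10:00:01 +0000] '
    '"GET /adicionar_almoxarife.php?campo=7 HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Mar/2025:10:00:05 +0000] '
    '"GET /adicionar_almoxarife.php?campo=7%20uNiOn%20sElEcT%201 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [01/Mar/2025:10:00:09 +0000] '
    '"GET /adicionar_almoxarife.php?campo=updated_list HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Mar/2025:10:00:12 +0000] '
    '"GET /index.php?q=select+a+plan HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the request line, so this covers query-string parameters; values sent in a POST body need request-body logging or WAF logs to be inspected the same way.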
