CVE-2025-26614

8.8 HIGH

📋 TL;DR

CVE-2025-26614 is a SQL injection vulnerability in WeGIA's deletar_documento.php endpoint that allows authenticated attackers to execute arbitrary SQL queries. This can lead to unauthorized access, data theft, or database manipulation. All WeGIA users running versions before 3.2.14 are affected.

💻 Affected Systems

Products:
  • WeGIA Web Manager
Versions: All versions before 3.2.14
Operating Systems: Any OS running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the deletar_documento.php endpoint

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including exfiltration of sensitive user data, administrative credentials, and potential remote code execution through database functions.

🟠 Likely Case

Unauthorized access to sensitive information stored in the database, including user credentials, personal data, and institutional records.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and knowledge of SQL injection techniques

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.14

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-3qhx-gfqj-vm2j

Restart Required: No

Instructions:

1. Back up your current WeGIA installation and database.
2. Download WeGIA version 3.2.14 from the official repository.
3. Replace the vulnerable deletar_documento.php file with the patched version.
4. Verify the application functions correctly.

🔧 Temporary Workarounds

No workarounds available

The vendor advisory states there are no known workarounds for this vulnerability

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in the deletar_documento.php endpoint
  • Restrict access to the vulnerable endpoint using web application firewall rules or network segmentation

🔍 How to Verify

Check if Vulnerable:

Check if deletar_documento.php exists in your WeGIA installation and examine the code for lack of parameterized queries

Check Version:

Check the WeGIA configuration files or admin panel for version information

Verify Fix Applied:

Verify that WeGIA version is 3.2.14 or higher and that deletar_documento.php uses prepared statements

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed delete operations with malformed parameters
  • Unexpected database access from WeGIA application user

Network Indicators:

  • Unusual POST requests to deletar_documento.php with SQL-like payloads
  • Abnormal database traffic patterns from the WeGIA server

SIEM Query:

source="web_server" AND uri="*deletar_documento.php*" AND (payload="*SELECT*" OR payload="*UNION*" OR payload="*OR 1=1*")
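
The same three patterns as the SIEM query above, applied after URL-decoding (including double encoding) and without regard to case. This is an added example, not code from the vendor advisory or the WeGIA project; the JSON log layout (`uri` and `body` fields) and the parameter name `x` in the sample records are assumptions.

```python
import json
import re
from urllib.parse import unquote_plus

# Same three patterns as the SIEM query, case-insensitive, flexible whitespace.
SQL_TOKENS = re.compile(r"\bselect\b|\bunion\b|\bor\s+1\s*=\s*1\b", re.IGNORECASE)
ENDPOINT = "deletar_documento.php"


def decode(value, rounds=2):
    """URL-decode up to `rounds` times so single and double encoding normalise."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious(record):
    """Return the matched token if a request to the endpoint carries SQL-like input."""
    path, _, query = record.get("uri", "").partition("?")
    if not path.lower().endswith(ENDPOINT):
        return None
    haystack = decode(query) + "\n" + decode(record.get("body", ""))
    match = SQL_TOKENS.search(haystack)
    return match.group(0) if match else None


def scan(lines):
    """Return (line_number, token) for each suspicious JSON log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        try:
            token = suspicious(json.loads(line))
        except (json.JSONDecodeError, AttributeError):
            continue  # skip malformed or non-object lines instead of aborting
        if token:
            hits.append((number, token))
    return hits


SAMPLE = [  # constructed records; "x" is a placeholder parameter name
    '{"uri": "/deletar_documento.php", "body": "x=12"}',
    '{"uri": "/deletar_documento.php", "body": "x=12%20uNiOn%20sElEcT%201"}',
    '{"uri": "/deletar_documento.php", "body": "x=1%2520OR%25201%253D1"}',
    '{"uri": "/other.php?q=select", "body": ""}',
    'truncated {"uri": ',
]
```

`scan(SAMPLE)` flags records 2 and 3 only; the word-boundary anchors keep benign values such as `selection` from matching.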
