CVE-2025-27096

9.8 CRITICAL

📋 TL;DR

A SQL injection vulnerability in WeGIA's personalizacao_upload.php endpoint lets an attacker who can reach the endpoint run arbitrary SQL statements against the application's database, exposing sensitive records such as user credentials and personal data. All WeGIA releases before version 3.2.14 are affected; the vendor fixed the issue in 3.2.14.

💻 Affected Systems

Products:
  • WeGIA (Web Manager for Institutions)
Versions: All versions before 3.2.14
Operating Systems: Any OS running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: This page lists the endpoint as requiring authenticated access. Be aware that a CVSS score of 9.8 corresponds to a vector with no privileges required, so confirm the access precondition against the vendor advisory before deprioritising on the basis of "authenticated only".

📦 What is this software?

WeGIA is an open-source PHP web application for managing charitable institutions, maintained by the LabRedesCefetRJ organisation on GitHub (the same organisation that publishes the advisory linked below). The vulnerable endpoint, personalizacao_upload.php, is part of the application's customisation (personalização) upload feature.
⚠️ Risk & Real-World Impact

🔴 Worst Case

Compromise of the entire application database, including user credentials and the personal data of the institution's members and beneficiaries. Credentials read or modified through the injection can then be used to log in with administrative rights, and depending on the privileges of the database account, the injection may extend to other schemas or the file system.

🟠 Likely Case

Exfiltration of sensitive data: user credentials, personal records and application data read out of the database through the injectable parameter.

🟢 If Mitigated

Limited impact where the endpoint is not reachable by untrusted parties, the database account used by WeGIA is restricted to the application's own tables, and a WAF blocks common injection payloads.

🌐 Internet-Facing: HIGH - Web applications exposed to the internet are directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit this vulnerability.

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No
Complexity: LOW

SQL injection in a PHP endpoint is routinely exploited; once the vulnerable parameter is known, tools such as sqlmap automate confirmation and data extraction with no custom exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.14

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-j856-wh9m-9vpm

Restart Required: Yes

Instructions:

1. Back up the current WeGIA installation (web root) and its database before touching anything.
2. Obtain version 3.2.14 or later from the official repository (https://github.com/LabRedesCefetRJ/WeGIA).
3. Replace the installed files with the patched release, keeping your configuration files and uploaded data.
4. Restart the web server, or at least reset the PHP opcode cache, so the patched files are the ones being executed.
5. Confirm the running version is 3.2.14 or later (see How to Verify below).

🧯 If You Can't Patch

  • Put a web application firewall (WAF) with SQL injection rules in front of WeGIA; treat it as a stopgap, not a fix, since injection payloads can often be encoded to slip past signature rules.
  • Restrict network access to the WeGIA application (or at least to personalizacao_upload.php) to trusted IP addresses, and disable the endpoint at the web server if the customisation-upload feature is not in use.
  • Run WeGIA against a database account limited to the application's own schema with the minimum privileges it needs (no FILE privilege, no access to other databases), so a successful injection cannot reach beyond the application's tables.

🔍 How to Verify

Check if Vulnerable:

Locate personalizacao_upload.php in your WeGIA installation and inspect how request parameters ($_GET, $_POST, $_REQUEST) reach the database: a value concatenated or interpolated directly into a SQL string is the vulnerable pattern, whereas a prepared statement with bound parameters is not. If the installed version is below 3.2.14, treat it as vulnerable regardless of what the inspection shows.

Check Version:

Check the WeGIA version in the application interface or configuration files.

Verify Fix Applied:

After upgrading, confirm that the reported version is 3.2.14 or later and that the personalizacao_upload.php in place is the one shipped with that release (compare it against the file in the official repository). The patched file should pass user input to the database only through prepared statements with bound parameters or equivalent validation, never through string concatenation.
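The two checks above (is the installed release before 3.2.14, and does the endpoint build SQL by concatenating request parameters) can be scripted. The following is an added example, not code from WeGIA or its advisory: the version comparison uses the fix version stated on this page, and the source scan is a heuristic that flags lines where a SQL statement is assembled with string concatenation or variable interpolation. The PHP snippets used as input are constructed for illustration and do not reproduce WeGIA's actual code.

```python
import re
from typing import Dict, List, Tuple

# Fixed release stated on this page; everything below it is affected.
FIXED_VERSION = (3, 2, 14)

# Patterns for the heuristic source scan (assumptions, not WeGIA's code):
SQL_KEYWORD = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE|WHERE|FROM)\b", re.IGNORECASE)
# "...$var..." inside a double-quoted string (PHP interpolation)
INTERPOLATED = re.compile(r'"[^"]*\$[A-Za-z_]')
# '"..." . $var' or '$var . "..."' (PHP concatenation next to a string literal)
CONCATENATED = re.compile(r"['\"]\s*\.\s*\$|\$\w+(\[[^\]]*\])?\s*\.\s*['\"]")
# Prepared-statement APIs in PDO / mysqli
PREPARED_API = re.compile(r"->prepare\s*\(|bind_param\s*\(|bindValue\s*\(")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '3.2.13' or 'v3.2.13' into a tuple that compares numerically."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def version_is_vulnerable(v: str) -> bool:
    """True for every release before 3.2.14."""
    return parse_version(v) < FIXED_VERSION


def find_sqli_risk_lines(php_source: str) -> List[Tuple[int, str]]:
    """Return (line number, line) for lines that build SQL from concatenated
    or interpolated variables. A heuristic: it finds the vulnerable pattern,
    it does not prove a line is safe."""
    hits = []
    for n, line in enumerate(php_source.splitlines(), start=1):
        if SQL_KEYWORD.search(line) and (INTERPOLATED.search(line) or CONCATENATED.search(line)):
            hits.append((n, line.strip()))
    return hits


def uses_prepared_statements(php_source: str) -> bool:
    """True if the file calls a prepared-statement API anywhere."""
    return PREPARED_API.search(php_source) is not None


def assess(version: str, php_source: str) -> Dict:
    """Combine the version check and the source scan into one verdict."""
    risky = find_sqli_risk_lines(php_source)
    return {
        "version_vulnerable": version_is_vulnerable(version),
        "risky_lines": risky,
        "uses_prepared_statements": uses_prepared_statements(php_source),
        "verdict": "vulnerable" if version_is_vulnerable(version) or risky else "not flagged",
    }


# Constructed PHP snippets for illustration; neither is WeGIA's real code.
VULNERABLE_SNIPPET = """<?php
$id = $_POST['id'];
$sql = "SELECT * FROM configuracao WHERE id = " . $id;
$result = mysqli_query($conn, $sql);
"""

HARDENED_SNIPPET = """<?php
$stmt = $pdo->prepare("SELECT * FROM configuracao WHERE id = :id");
$stmt->execute([':id' => $_POST['id']]);
"""

if __name__ == "__main__":
    for label, ver, src in (("old install", "3.2.13", VULNERABLE_SNIPPET),
                            ("patched install", "3.2.14", HARDENED_SNIPPET)):
        print(label, assess(ver, src))
```

Feed the real file contents and the version string you read from the application interface or configuration files into assess(); a "vulnerable" verdict from the version check alone is decisive, while the source scan is there to catch a copy of the patch that was only partially applied.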

📡 Detection & Monitoring

Log Indicators:

  • Database query log entries for the WeGIA schema containing UNION, comment sequences (--, /*), or timing functions (SLEEP, BENCHMARK) that the application does not normally issue
  • Requests to personalizacao_upload.php from accounts or source addresses that otherwise never use the customisation feature, or bursts of requests to it at a rate consistent with automated tooling such as sqlmap

Network Indicators:

  • HTTP GET or POST requests to personalizacao_upload.php whose parameters contain quote characters, SQL keywords or comment sequences, usually URL-encoded (for example %27 for the quote, %20UNION%20SELECT%20, or a trailing --)

SIEM Query:

source="web_server_logs" AND uri CONTAINS "personalizacao_upload.php" AND (query CONTAINS "UNION" OR query CONTAINS "SELECT" OR query CONTAINS "SLEEP(" OR query CONTAINS "'" OR query CONTAINS "--")

Match case-insensitively and on the URL-decoded query string, since payloads arrive encoded. Note that standard web server access logs do not record POST bodies, so parameters sent in a POST body are only visible in WAF, reverse-proxy or application logs; a plain access log can only catch the GET variant.
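The network indicators and the SIEM query above, applied to raw access-log lines, as an added example that is not part of the original page or the WeGIA project: it parses Apache/nginx combined-format entries, keeps only requests whose path ends in personalizacao_upload.php, URL-decodes the query string and runs a small set of injection indicators over it. The log lines, client addresses and paths below are constructed for illustration; the indicator set is an assumption and should be tuned to what your own traffic looks like.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus, urlsplit

ENDPOINT = "personalizacao_upload.php"

# Apache/nginx "combined" access-log format; only the request line and
# status code are used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators applied to URL-decoded parameter data (assumed set; tune to taste).
INDICATORS = [
    (re.compile(r"\bunion\b[\s\S]*\bselect\b", re.IGNORECASE), "UNION SELECT"),
    (re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.IGNORECASE), "time-based function"),
    (re.compile(r"'\s*(or|and)\b", re.IGNORECASE), "boolean operator after quote"),
    (re.compile(r"(--|/\*|#)"), "SQL comment"),
    (re.compile(r"\b(information_schema|load_file|into\s+(out|dump)file)\b", re.IGNORECASE),
     "schema or file access"),
]


def sqli_indicators(data: str) -> List[str]:
    """Decode percent-encoding and '+' and return the names of matching indicators."""
    decoded = unquote_plus(data)
    return [name for rx, name in INDICATORS if rx.search(decoded)]


def scan_access_log(lines) -> List[Dict]:
    """Return one finding per request to the vulnerable endpoint. POST bodies are
    not in standard access logs, so a body-less POST is marked for review in the
    WAF or application log rather than scored here."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        if parts.path.rsplit("/", 1)[-1] != ENDPOINT:
            continue
        findings.append({
            "ip": m["ip"],
            "time": m["time"],
            "method": m["method"],
            "status": int(m["status"]),
            "indicators": sqli_indicators(parts.query),
            "needs_body_review": m["method"] == "POST",
        })
    return findings


# Constructed sample log lines (addresses from the documentation range, paths invented).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:14:02:11 +0000] "GET /wegia/personalizacao_upload.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2025:14:02:15 +0000] "GET /wegia/index.php?q=select HTTP/1.1" 200 981 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2025:14:05:40 +0000] "GET /wegia/personalizacao_upload.php?id=1%27%20UNION%20SELECT%20usuario%2Csenha%20FROM%20usuarios-- HTTP/1.1" 200 2048 "-" "sqlmap/1.8"',
    '198.51.100.7 - - [10/Mar/2025:14:05:41 +0000] "GET /wegia/personalizacao_upload.php?id=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "sqlmap/1.8"',
    '198.51.100.7 - - [10/Mar/2025:14:05:43 +0000] "POST /wegia/personalizacao_upload.php HTTP/1.1" 302 0 "-" "sqlmap/1.8"',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        if f["indicators"] or f["needs_body_review"]:
            print(f)
```

Run it over a real access log by passing an open file object instead of SAMPLE_LOG; the benign request to the endpoint produces a finding with an empty indicator list, which is deliberate so that a baseline of normal usage of the endpoint can be established alongside the alerts.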
