CVE-2025-59939

8.8 HIGH

📋 TL;DR

This SQL injection vulnerability in WeGIA allows attackers to execute arbitrary SQL commands through the control.php endpoint. It affects all WeGIA installations prior to version 3.5.0, potentially compromising database integrity and exposing sensitive charitable institution data.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions prior to 3.5.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the control.php endpoint with nomeClasse=ProdutoControle&metodo=excluir parameters

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise allowing data theft, modification, or deletion; potential remote code execution if database permissions allow.

🟠

Likely Case

Unauthorized data access, extraction of sensitive information (donor data, financial records), and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation and prepared statements preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via the id_produto parameter requires access to the control.php endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.0

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jx9m-pgf8-v489

Restart Required: No

Instructions:

1. Back up the current installation.
2. Download WeGIA version 3.5.0 or later.
3. Replace the vulnerable files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter


Add server-side validation so that the id_produto parameter accepts only numeric values.

Modify control.php to validate the id_produto parameter with is_numeric() or a similar function.

WAF Rule


Implement web application firewall rules that block SQL injection patterns.

Configure the WAF to detect and block SQL injection attempts against the control.php endpoint.

🧯 If You Can't Patch

  • Implement strict input validation for the id_produto parameter so that it accepts only numeric values
  • Restrict access to the control.php endpoint using IP allowlisting or authentication

🔍 How to Verify

Check if Vulnerable:

Test the control.php endpoint with SQL injection payloads in the id_produto parameter.

Check Version:

Check the WeGIA version in the admin panel or configuration files.

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and that prepared statements are implemented.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed parameter validation attempts on control.php

Network Indicators:

  • HTTP requests to control.php with SQL keywords in parameters

SIEM Query:

source="web_logs" AND uri="/control.php" AND (param="id_produto" AND value MATCH "(?i)(SELECT|UNION|INSERT|DELETE|UPDATE|DROP|OR|AND)")
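The SIEM query above keys on SQL keywords. An added example, not part of the advisory or of WeGIA, shows a stricter check applied to web-server access logs: because id_produto should only ever be an integer, any other value on a control.php request is flagged, including quote-only probes that contain no keyword and would slip past the keyword regex. The log lines are constructed for the example.

```php
<?php
// Added example, not part of the advisory or of WeGIA: scan access-log lines and flag
// any request to control.php whose id_produto value is not a plain integer.
// The log lines below are constructed (combined log format) for this example.

const SAMPLE_ACCESS_LOG = <<<'LOG'
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /control.php?nomeClasse=ProdutoControle&metodo=excluir&id_produto=42 HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "GET /control.php?nomeClasse=ProdutoControle&metodo=excluir&id_produto=42%27%20OR%201%3D1 HTTP/1.1" 200 9123
203.0.113.8 - - [10/Oct/2025:12:00:03 +0000] "GET /control.php?nomeClasse=ProdutoControle&metodo=excluir&id_produto=42%27 HTTP/1.1" 500 310
203.0.113.9 - - [10/Oct/2025:12:00:04 +0000] "GET /index.php?page=produtos HTTP/1.1" 200 2048
LOG;

// Keyword pattern equivalent to the SIEM query on the page, kept only for comparison.
const SQL_KEYWORDS = '/\b(SELECT|UNION|INSERT|DELETE|UPDATE|DROP|OR|AND)\b/i';

/** Return the request target ("/path?query") from a combined-format log line, or null. */
function requestTarget(string $line): ?string
{
    if (preg_match('/"(?:GET|POST|HEAD|PUT|DELETE|PATCH|OPTIONS) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return $m[1];
    }
    return null;
}

/** Return the percent-decoded id_produto value for a control.php request, or null if absent. */
function idProdutoFromTarget(string $target): ?string
{
    $path  = parse_url($target, PHP_URL_PATH);
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($path) || basename($path) !== 'control.php' || !is_string($query)) {
        return null;
    }
    parse_str($query, $params);            // parse_str decodes %27, %20, ... for us
    $value = $params['id_produto'] ?? null;
    return is_string($value) ? $value : null;
}

/** Scan a log and return one finding per suspicious line. */
function scanAccessLog(string $log): array
{
    $findings = [];
    foreach (explode("\n", trim($log)) as $index => $line) {
        $target = requestTarget($line);
        if ($target === null) {
            continue;                        // not a request line we understand
        }
        $id = idProdutoFromTarget($target);
        if ($id === null || preg_match('/^\d+$/', $id)) {
            continue;                        // parameter absent, or a clean integer
        }
        $findings[] = [
            'line'          => $index + 1,
            'client'        => strtok($line, ' '),
            'id_produto'    => $id,
            'keyword_match' => (bool) preg_match(SQL_KEYWORDS, $id),
        ];
    }
    return $findings;
}

foreach (scanAccessLog(SAMPLE_ACCESS_LOG) as $f) {
    printf("line %d from %s: id_produto=%s (keyword regex would %s)\n",
        $f['line'], $f['client'], var_export($f['id_produto'], true),
        $f['keyword_match'] ? 'match' : 'miss');
}
```

Run against the constructed log, the scanner reports lines 2 and 3 and skips line 1 (a normal integer) and line 4 (a different endpoint); line 3 is the case the keyword-only query misses. Access logs only carry GET parameters, so if control.php also accepts the same parameters in a POST body, the equivalent check belongs in the application or WAF layer, which sees the body.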
