CVE-2025-61605
📋 TL;DR
WeGIA versions 3.4.12 and below contain an SQL injection vulnerability in the /pet/profile_pet.php endpoint via the id_pet parameter. This allows attackers to execute arbitrary SQL commands, potentially compromising the entire database. All charitable institutions using vulnerable WeGIA installations are affected.
💻 Affected Systems
- WeGIA
📦 What is this software?
Wegia by Wegia
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data destruction, and potential remote code execution via database functions.
Likely Case
Data exfiltration of sensitive donor information, financial records, and beneficiary data, followed by database manipulation or destruction.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only affecting non-sensitive data.
🎯 Exploit Status
SQL injection via URL parameter is trivial to exploit with standard tools like sqlmap.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.0
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-8963-9833-gpx7
Restart Required: No
Instructions:
1. Backup your database and application files.
2. Download WeGIA version 3.5.0 from the official repository.
3. Replace all files with the new version.
4. Verify the /pet/profile_pet.php endpoint now properly validates the id_pet parameter.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Block SQL injection patterns targeting the /pet/profile_pet.php endpoint
Input Validation Filter
Add server-side validation that accepts only numeric values for the id_pet parameter, before the value reaches any query:
Add: if (!isset($_GET['id_pet']) || !is_numeric($_GET['id_pet'])) { die('Invalid input'); }
This is a stopgap until the 3.5.0 update is applied.
🧯 If You Can't Patch
- Block external access to /pet/profile_pet.php endpoint via firewall rules
- Run the application under a database user with minimal permissions (read-only if possible)
🔍 How to Verify
Check if Vulnerable:
Test the /pet/profile_pet.php?id_pet=1' endpoint for SQL error messages or use sqlmap: sqlmap -u 'http://target/pet/profile_pet.php?id_pet=1'
Check Version:
Check WeGIA version in admin panel or examine version.php file
Verify Fix Applied:
Attempt SQL injection payloads against the patched endpoint and verify they are rejected without database errors
📡 Detection & Monitoring
Log Indicators:
- SQL syntax errors in web server logs
- Unusual database queries from web application user
- Multiple rapid requests to /pet/profile_pet.php with varying parameters
Network Indicators:
- HTTP requests to /pet/profile_pet.php containing SQL keywords (UNION, SELECT, INSERT, etc.)
- Unusual database port traffic from web server
SIEM Query:
source="web_logs" AND uri="/pet/profile_pet.php" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*")
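A defender-side detector for the log indicators above, written in Python as an added example (not from this page or the WeGIA project). It runs over constructed sample access log lines and percent-decodes id_pet before inspection, because the SIEM query's substring match on the raw URI misses payloads sent as %27 and %20.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /pet/profile_pet.php?id_pet=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2025:12:00:02 +0000] "GET /pet/profile_pet.php?id_pet=42' HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2025:12:00:03 +0000] "GET /pet/profile_pet.php?id_pet=42%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 5120 "-" "sqlmap"
203.0.113.9 - - [10/Oct/2025:12:00:04 +0000] "GET /pet/profile_pet.php?id_pet=42%27 HTTP/1.1" 200 5120 "-" "sqlmap"
198.51.100.7 - - [10/Oct/2025:12:00:05 +0000] "GET /index.php?page=1 HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
ENDPOINT = "/pet/profile_pet.php"
SQL_KEYWORDS = re.compile(r"\b(union|select|insert|update|delete|drop)\b", re.I)


def classify(line):
    """Return a finding for a suspicious id_pet request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != ENDPOINT:
        return None
    # parse_qs percent-decodes, so %27 and %20 are inspected as ' and space.
    id_pet = parse_qs(url.query, keep_blank_values=True).get("id_pet", [""])[0]
    reasons = []
    if not id_pet.isdigit():               # a legitimate id_pet is a bare integer
        reasons.append("non_numeric")
    if "'" in id_pet or '"' in id_pet:
        reasons.append("quote")
    if SQL_KEYWORDS.search(id_pet):
        reasons.append("sql_keyword")
    if m.group("status").startswith("5"):  # error-based probing often yields 5xx
        reasons.append("server_error")
    return {"ip": m.group("ip"), "id_pet": id_pet, "reasons": reasons} if reasons else None


def scan(log_text):
    """All findings plus per-source counts (the 'multiple rapid requests' indicator)."""
    findings = [f for f in map(classify, log_text.splitlines()) if f]
    per_ip = {}
    for f in findings:
        per_ip[f["ip"]] = per_ip.get(f["ip"], 0) + 1
    return findings, per_ip


if __name__ == "__main__":
    found, counts = scan(SAMPLE_LOG)
    for f in found:
        print(f"{f['ip']:<14} {','.join(f['reasons']):<28} id_pet={f['id_pet']!r}")
    print("suspicious requests per source:", counts)
```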