CVE-2025-67501
📋 TL;DR
CVE-2025-67501 is an SQL injection vulnerability in WeGIA web management software that allows attackers to execute arbitrary SQL commands through the id_categoria parameter. This affects all WeGIA installations running version 3.5.4 or earlier. Attackers could potentially read, modify, or delete database contents.
💻 Affected Systems
- WeGIA Web Manager for Institutions
📦 What is this software?
Wegia by Wegia
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data theft, data destruction, authentication bypass, and potential remote code execution if database functions allow it.
Likely Case
Unauthorized data access and extraction, potentially exposing sensitive institutional information stored in the database.
If Mitigated
Limited impact with proper input validation and database permissions, potentially only allowing data viewing from accessible tables.
🎯 Exploit Status
SQL injection vulnerabilities are commonly weaponized. The advisory shows the vulnerable code path, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.5
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-hj2x-qfm3-2869
Restart Required: No
Instructions:
1. Back up your current installation and database.
2. Download version 3.5.5 from the official GitHub releases.
3. Replace the vulnerable file /html/matPat/editar_categoria.php with the patched version.
4. Verify the fix by checking that commit f04b91f584a38c2061a071d26219dba3f25819e6 is applied.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to ensure the id_categoria parameter contains only numeric values (an integer identifier).
Add to editar_categoria.php, before the parameter reaches any query: if (!isset($_GET['id_categoria']) || !ctype_digit($_GET['id_categoria'])) { die('Invalid input'); }
(ctype_digit is used instead of is_numeric because it accepts only a string of decimal digits and rejects signs, decimals, and exponent forms such as 1e3; the isset check avoids an undefined-index warning when the parameter is absent.)
WAF Rule
Implement web application firewall rules to block SQL injection patterns
ModSecurity rule: SecRule ARGS:id_categoria "@detectSQLi" "id:1001,phase:2,deny,status:403"
🧯 If You Can't Patch
- Block access to /html/matPat/editar_categoria.php endpoint at network or application level
- Implement strict database user permissions with read-only access where possible
🔍 How to Verify
Check if Vulnerable:
Check whether the installed version is 3.5.4 or earlier, and examine editar_categoria.php for missing input validation on the id_categoria parameter
Check Version:
Check WeGIA configuration files or admin panel for version information
Verify Fix Applied:
Verify the editar_categoria.php file contains proper parameterized queries or input validation as shown in commit f04b91f
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL error messages in application logs
- Multiple failed requests to editar_categoria.php with SQL syntax in parameters
Network Indicators:
- HTTP requests to /html/matPat/editar_categoria.php containing SQL keywords like UNION, SELECT, INSERT
SIEM Query:
source="web_logs" AND uri="/html/matPat/editar_categoria.php" AND (param="id_categoria" AND value MATCHES "(?i)(union|select|insert|delete|drop|--|#)")
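The SIEM query above matches raw keywords in the id_categoria value. The following Python script is an added example (not part of this advisory or of the WeGIA project) that applies the same detection logic to web server access logs and adds two refinements a defender would want: it URL-decodes the parameter repeatedly so double-encoded payloads are inspected in plain form, and it also flags any non-numeric id_categoria value on the affected endpoint, which catches payloads that use none of the listed keywords. The log lines, client addresses, and timestamps are constructed for the example; the combined log format is assumed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Affected endpoint named in the advisory
TARGET_PATH = "/html/matPat/editar_categoria.php"

# Same keyword pattern as the SIEM query on this page
SQLI_PATTERN = re.compile(r"(?i)(union|select|insert|delete|drop|--|#)")

# Assumed combined log format: client ident user [time] "METHOD URI PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (not real traffic):
#  1. benign numeric request
#  2. URL-encoded UNION SELECT payload
#  3. double-encoded quote-based payload with no listed keyword
#  4. keyword payload against an unrelated path (out of scope)
#  5. POST with no query string (body is not in the access log)
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2026:10:01:02 +0000] "GET /html/matPat/editar_categoria.php?id_categoria=12 HTTP/1.1" 200 3120
10.0.0.7 - - [12/Jan/2026:10:02:45 +0000] "GET /html/matPat/editar_categoria.php?id_categoria=12%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 512
10.0.0.7 - - [12/Jan/2026:10:02:50 +0000] "GET /html/matPat/editar_categoria.php?id_categoria=12%2527%2520OR%25201%253D1 HTTP/1.1" 200 3120
10.0.0.9 - - [12/Jan/2026:10:03:10 +0000] "GET /html/index.php?id_categoria=1%20union%20select HTTP/1.1" 200 900
10.0.0.5 - - [12/Jan/2026:10:04:00 +0000] "POST /html/matPat/editar_categoria.php HTTP/1.1" 302 0
"""


def fully_decode(value, max_rounds=3):
    """Undo repeated URL encoding so double-encoded payloads are inspected in plain form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    return {
        "client": m.group("client"),
        "time": m.group("time"),
        "method": m.group("method"),
        "path": parts.path,
        "status": m.group("status"),
        # parse_qs performs one round of URL decoding on the values
        "params": parse_qs(parts.query, keep_blank_values=True),
    }


def inspect_request(req):
    """Return findings for id_categoria values on the affected endpoint."""
    if req is None or req["path"] != TARGET_PATH:
        return []
    findings = []
    for raw in req["params"].get("id_categoria", []):
        value = fully_decode(raw)
        if SQLI_PATTERN.search(value):
            reason = "sqli_keyword"      # matches the SIEM query's keyword list
        elif not value.isdigit():
            reason = "non_numeric"       # parameter is expected to be an integer id
        else:
            continue
        findings.append({
            "client": req["client"],
            "time": req["time"],
            "status": req["status"],
            "value": value,
            "reason": reason,
        })
    return findings


def scan_log(text):
    """Run the detection over every line of an access log and collect findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(inspect_request(parse_line(line)))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} status={f['status']} {f['reason']}: {f['value']!r}")
```

On the sample input the keyword rule fires once (line 2) and the non-numeric rule fires once (line 3); the double-encoded payload on line 3 is only visible after decoding, and the keyword-only SIEM query would miss it. Requests to other paths are ignored, and POST bodies are not available in access logs, so a POST-based submission would need application-level logging or the WAF rule to be seen.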