CVE-2025-26610

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 18, 2025

Updated: Feb 28, 2025

CWE ID 89

Summary

CVE-2025-26610 is a newly discovered SQL Injection vulnerability affecting the WeGIA Web Manager for Institutions. The issue lies in the `restaurar_produto_desocultar.php` endpoint, which enables an attacker, once authorized, to execute arbitrary SQL queries. This vulnerability grants unauthorized access to sensitive data. To mitigate this risk, users are advised to upgrade to version 3.2.13. Unfortunately, there are currently no known workarounds for this problem.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WeGIA

Affected Vendors

WE Giá

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3TAduz
https://www.cve.org/CVERecord?id=CVE-2025-26610
https://nvd.nist.gov/vuln/detail/CVE-2025-26610

Back to Vulnerability Database