CVE-2025-26614

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 18, 2025

Updated: Feb 28, 2025

CWE ID 89

Summary

CVE-2025-26614 is a SQL Injection vulnerability affecting the WeGIA Web Manager application, specifically the `deletar_documento.php` endpoint. This issue enables authorized attackers to execute arbitrary SQL queries, granting them unauthorized access to sensitive information. No known workarounds exist, and users are urged to upgrade to version 3.2.14 to mitigate this risk. Portuguese language institutions using WeGIA are advised to prioritize this update to protect against potential data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WeGIA

Affected Vendors

WE Giá

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3TBBiC
https://www.cve.org/CVERecord?id=CVE-2025-26614
https://nvd.nist.gov/vuln/detail/CVE-2025-26614

Back to Vulnerability Database