CVE-2025-27096

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 20, 2025

Updated: Feb 28, 2025

CWE ID 89

Summary

CVE-2025-27096 is a SQL Injection vulnerability affecting the Portuguese language Web Manager for Institutions, WeGIA. The personalizacao_upload.php endpoint of the application has been identified as the source of this issue. An attacker with authorized access can exploit this vulnerability to execute arbitrary SQL queries, potentially gaining unauthorized access to sensitive information. Users are strongly advised to upgrade to version 3.2.14 to mitigate this risk, as there are currently no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WeGIA

Affected Vendors

WE Giá

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3fnErd
https://www.cve.org/CVERecord?id=CVE-2025-27096
https://nvd.nist.gov/vuln/detail/CVE-2025-27096

Back to Vulnerability Database