CVE-2025-27133

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 24, 2025

Updated: Feb 28, 2025

CWE ID 89

Summary

CVE-2025-27133 is a SQL Injection vulnerability affecting the WeGIA web application used by charitable institutions. The issue was identified in the `adicionar_tipo_exame.php` endpoint of versions prior to 3.2.15. An attacker with authorized access can exploit this vulnerability to execute arbitrary SQL queries, potentially gaining access to sensitive information. The vulnerability has been addressed in version 3.2.15, which contains a patch to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WeGIA

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3kvANT
https://www.cve.org/CVERecord?id=CVE-2025-27133
https://nvd.nist.gov/vuln/detail/CVE-2025-27133

Back to Vulnerability Database

CVE-2025-27133

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations