QwikSec

Security Database

CVE

CWE

Training

CVE-2025-53527

Published: Jul 7, 2025

Modified: Jul 8, 2025

PUBLISHED

Description

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. This vulnerability is fixed in 3.4.1.

Vendor	Product	Versions
LabRedesCefetRJ	WeGIA	affected `>= 3.3.3, < 3.4.1`

Weaknesses (CWE)

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-43xw-c4g6-jgff

x_refsource_CONFIRM

https://github.com/LabRedesCefetRJ/WeGIA/commit/9de9a741d1d26ae76b2215a32660817d9bd452aa

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.