CVE-2025-24957
Published: 03 February 2025
Description
Adversaries may leverage databases to mine valuable information.
Security Summary
CVE-2025-24957 is a SQL injection vulnerability (CWE-89) in the WeGIA application, a web manager for charitable institutions. The flaw resides in the `get_detalhes_socio.php` endpoint, enabling arbitrary SQL query execution. It affects WeGIA versions prior to 3.2.12 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.
An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity and no user interaction. Successful exploitation allows execution of arbitrary SQL queries, potentially exposing or deleting sensitive information in the database.
The GitHub Security Advisory (GHSA-x28g-6228-99p9) confirms the issue has been fixed in WeGIA version 3.2.12, urging all users to upgrade immediately. No workarounds are available.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in the public-facing WeGIA web application enables remote unauthenticated exploitation (T1190) and arbitrary database queries for data access or deletion (T1213.006).