CVE-2025-30367
Published: 27 March 2025
Description
Adversaries may leverage databases to mine valuable information.
Security Summary
CVE-2025-30367 is a SQL injection vulnerability (CWE-89) affecting WeGIA, a web manager for charitable institutions, in versions prior to 3.2.6. The flaw resides in the nextPage parameter of the /WeGIA/controle/control.php endpoint, where insufficient input validation allows attackers to manipulate SQL queries. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By injecting malicious payloads into the nextPage parameter, they can manipulate database queries to extract sensitive information, such as table names and other confidential data stored in the backend database.
The GitHub security advisory (GHSA-7j9v-xgmm-h7wr) confirms that version 3.2.6 of WeGIA addresses the issue with a fix. Security practitioners should urge users to upgrade to this patched version immediately to mitigate the risk.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
SQL injection in unauthenticated public-facing web endpoint directly enables T1190 (Exploit Public-Facing Application) for remote access and facilitates T1213.006 (Databases) for extracting sensitive data via manipulated queries.