- Description
- WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue allows attackers to inject and execute arbitrary SQL statements against the application's underlying database. As a result, it may lead to data exfiltration, authentication bypass, or complete database compromise. Version 3.3.1 fixes the issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-89
[CVE-2025-46828: CRITICAL] Critical SQL Injection vulnerability in WeGIA web manager for charities in versions up to 3.3.0 at /html/socio/sistema/get_socios.php. Upgrade to 3.3.1 to fix security flaw. #cyber...#cve,CVE-2025-46828,#cybersecurity https://t.co/PsIudWgMEO https://t.c
@CveFindCom
9 May 2025
🚨 CVE-2025-46828 ⚠️🔴 CRITICAL (10) 🏢 LabRedesCefetRJ - WeGIA 🏗️ < 3.3.1 🔗 https://t.co/Ks83OyXKJo 🔗 https://t.co/SyXoyqp26F #CyberCron #VulnAlert #InfoSec https://t.co/8stcB4vrl5
@cybercronai
8 May 2025
🚨 A critical SQL injection flaw (CVE-2025-46828) found in WeGIA affects all versions ≤ 3.3.0. Unauthenticated attackers can exfiltrate data or fully compromise databases. Patch to 3.3.1 now. #cybersecurity #infosec #SQLi 🔗 https://t.co/81jWo43VKw
@threatsbank
8 May 2025
CVE-2025-46828 Unauthenticated SQL Injection Vulnerability in WeGIA Web Manager ... https://t.co/BZKkKsEAvi Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
8 May 2025
CVE-2025-46828 WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoi… https://t.co/lG0l8H4weF
@CVEnew
7 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BE51290-21DD-47B4-A936-2B0916AB45BE",
            "versionEndExcluding": "3.3.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]