CVE-2025-52474
BaseFortify
Publication date: 2025-06-19
Last updated on: 2025-07-02
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | to 3.4.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52474 is a high-severity SQL Injection vulnerability in the WeGIA web manager for charitable institutions, specifically in the 'id' parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries by sending crafted requests, enabling unauthorized access to sensitive database information such as table names, user data, passwords, and logs. The endpoint is publicly accessible and does not require authentication, which increases the risk of exploitation. In some cases, exploitation could escalate to remote code execution depending on the database configuration. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive data stored in the database, including user information, passwords, and logs. Because the endpoint is publicly accessible without authentication, attackers can exploit it remotely with low complexity and no user interaction. In worst-case scenarios, if the database allows, attackers might escalate the attack to remote code execution, potentially leading to full compromise of the application. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL Injection vulnerability can be detected by sending crafted GET requests to the /WeGIA/controle/control.php endpoint with malicious payloads in the 'id' parameter. Tools like sqlmap can be used to automate detection and exploitation attempts. For example, a command using sqlmap could be: sqlmap -u "http://target/WeGIA/controle/control.php?id=1" --risk=3 --level=5 --dbs to enumerate databases. Monitoring for unusual or malformed GET requests to this endpoint may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the WeGIA package to version 3.4.2 or later, where the vulnerability is patched. The patch implements strict input sanitization and validation, replacing unsafe input handling with filter_input() calls and changing form methods from GET to POST. If upgrading immediately is not possible, applying similar input validation and sanitization measures in your code, especially on the 'id' parameter of the /WeGIA/controle/control.php endpoint, can reduce risk. Additionally, monitoring and restricting access to the vulnerable endpoint can help mitigate exploitation. [2]