CVE-2025-53529
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-10
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | up to 3.4.3 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical SQL Injection flaw in the WeGIA web manager for charitable institutions. It occurs in the /html/funcionario/profile_funcionario.php endpoint where the id_funcionario parameter is not properly sanitized or validated before being used in a SQL query. This allows an unauthenticated attacker to inject arbitrary SQL commands, potentially manipulating the database. [2]
How can this vulnerability impact me?
An attacker exploiting this vulnerability can read sensitive data such as user credentials, personally identifiable information (PII), and application configurations, compromising confidentiality. They can also modify or delete database records, including user profiles and system settings, impacting data integrity and availability. The vulnerability has a critical severity with a CVSS score of 9.8, meaning it can be exploited remotely without authentication or user interaction. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL Injection vulnerability can be detected by testing the /html/funcionario/profile_funcionario.php endpoint, specifically the id_funcionario parameter, for SQL injection flaws. One method is to append SQL injection payloads to the id_funcionario parameter in the URL and observe the response for SQL errors such as PDOException errors indicating cardinality violations or other database errors. For example, you can use curl or a web proxy tool to send requests like: curl "http://yourserver/html/funcionario/profile_funcionario.php?id_funcionario=1' UNION SELECT ... -- " If the response contains SQL errors or unexpected data, it indicates the vulnerability. Automated tools like sqlmap can also be used to test this endpoint for SQL injection by specifying the vulnerable parameter. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the WeGIA web manager to version 3.4.3 or later, where the vulnerability is fixed. The fix involves proper sanitization and validation of the id_funcionario parameter, likely by using prepared statements or parameterized queries instead of directly concatenating user input into SQL queries. Until the upgrade can be applied, consider implementing web application firewall (WAF) rules to block suspicious SQL injection payloads targeting the id_funcionario parameter and restrict access to the vulnerable endpoint if possible. [1, 2]
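As an added illustration of the fix described above (hypothetical code, not WeGIA's own): the string-concatenation pattern that CWE-89 describes, placed next to a validated, parameterized PDO version of the same lookup, run against an in-memory SQLite table constructed inline. The table and column names, and PHP 8 with the pdo_sqlite extension, are assumptions.

```php
<?php
// Added illustration (not WeGIA's own code). Assumes a PDO connection and a
// hypothetical table "funcionario" keyed by "id_funcionario".

// Vulnerable pattern: the request parameter is pasted straight into the SQL text,
// so a closing quote in the input ends the literal and the rest is parsed as SQL.
function loadProfileVulnerable(PDO $pdo, string $idFromRequest): array|false
{
    $sql = "SELECT * FROM funcionario WHERE id_funcionario = '$idFromRequest'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened version: enforce the expected type first, then bind the value as a
// query parameter so the database never interprets it as SQL syntax.
function loadProfileSafe(PDO $pdo, string $idFromRequest): array|false
{
    $id = filter_var($idFromRequest, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Reject non-numeric ids before any query is built.
        http_response_code(400);
        return false;
    }
    $stmt = $pdo->prepare('SELECT * FROM funcionario WHERE id_funcionario = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Demonstration against an in-memory SQLite database with constructed sample rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE funcionario (id_funcionario INTEGER PRIMARY KEY, nome TEXT)');
$pdo->exec("INSERT INTO funcionario VALUES (1, 'Ana'), (2, 'Bruno')");

var_dump(loadProfileSafe($pdo, '2'));            // returns the row for id 2
var_dump(loadProfileSafe($pdo, "2' OR '1'='1"));  // constructed bad input: rejected, returns false
```

The safe version refuses the request before a statement is even prepared, which is also the behaviour a WAF rule on id_funcionario should approximate: anything other than a positive integer is not a legitimate value for that parameter.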