Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2025-22140

CVE-2025-22140

9.4

Critical

Published:8 Jan 2025

Last updated:17 Jun 2026

Source:security-advisories@github.com

Analyzed

Weakness (CWE)

CWE-89SQL Injection

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.

References

security-advisories@github.com

https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mrhp-wfp2-59h5

134c704f-9b21-4f2e-91b3-4a467353bcc0

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mrhp-wfp2-59h5