SQL injection in WeGIA - CVE-2025-46828

 


Published: April 30, 2026


Vulnerability identifier: #VU128703
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-46828
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
WeGIA
Software vendor:
LabReDeS

Description

The vulnerability allows a remote attacker to execute arbitrary SQL statements against the database.

The vulnerability exists due to SQL injection in the /html/socio/sistema/get_socios.php endpoint when processing the POST query parameter. A remote attacker can send a specially crafted POST request to execute arbitrary SQL statements against the database.

This may lead to data exfiltration, authentication bypass, or complete database compromise.
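To triage exposure, the following added example (not part of the advisory or the vendor's code) scans web server access logs for POST requests to the endpoint named above. It assumes the Apache/nginx combined log format and uses constructed log lines; access logs do not record POST bodies, so a hit shows the endpoint was reached, not that injection occurred.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Endpoint named in the advisory.
ENDPOINT = "/html/socio/sistema/get_socios.php"

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, hypothetical install prefix).
SAMPLE = [
    '198.51.100.7 - - [01/May/2026:10:02:11 +0000] "POST /html/socio/sistema/get_socios.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/May/2026:10:02:12 +0000] "POST /WeGIA/html/socio/./sistema/get_socios.php?x=1 HTTP/1.1" 500 310 "-" "-"',
    '203.0.113.9 - - [01/May/2026:10:05:40 +0000] "POST /html//socio/sistema/get%5Fsocios.php HTTP/1.1" 200 4801 "-" "-"',
    '192.0.2.15 - - [01/May/2026:10:06:01 +0000] "GET /html/socio/sistema/get_socios.php HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.15 - - [01/May/2026:10:06:09 +0000] "POST /html/login.php HTTP/1.1" 302 0 "-" "-"',
]

def normalize(target):
    """Drop the query string, decode %xx, collapse '//' and './' so path variants still match."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def find_hits(lines):
    """Return parsed POST requests whose normalized path contains the advisory's endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if ENDPOINT in normalize(m["target"]):
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count hits per (client IP, status code) to prioritize review."""
    return Counter((h["ip"], h["status"]) for h in hits)

if __name__ == "__main__":
    for (ip, status), n in summarize(find_hits(SAMPLE)).most_common():
        print(f"{ip} status={status} count={n}")
```

Hits that return HTTP 500 or unusually large responses are worth correlating with database logs from the same time window.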


Remediation

Install the security update from the vendor's website.
