Main Vulnerability Database Vulnerabilities #VU129021

SQL injection in WeGIA - CVE-2025-26611

Published: February 16, 2025 / Updated: May 2, 2026

Vulnerability identifier: #VU129021

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-26611

CWE-ID: CWE-89

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: LabReDeS

Affected software:
WeGIA

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary SQL queries and disclose sensitive information.

The vulnerability exists due to SQL injection in the remover_produto.php endpoint when handling a crafted id_produto GET parameter. A remote attacker can send a specially crafted request to execute arbitrary SQL queries and disclose sensitive information.

The issue can be exploited without being logged in because execution continues after the redirect logic.

How to mitigate CVE-2025-26611

Install security update from vendor's website.

SQL injection in WeGIA - CVE-2025-26611

Detailed vulnerability description

How to mitigate CVE-2025-26611

Sources

Please verify you're human