CVE-2025-53091 – WeGIA Time-Based Blind SQL Injection

CVE ID : CVE-2025-53091

Published : June 27, 2025, 3:15 p.m. | 22 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the `/controle/getProdutosPorAlmox.php` endpoint. This issue allows any unauthenticated attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or further exploitation depending on database configuration. Version 3.4.0 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…