{"vulnerability": "GHSA-H2MG-4C7Q-W69V", "sightings": [{"uuid": "3bf1ae40-106a-4c50-86a8-0944b62712fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-H2MG-4C7Q-W69V", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2364", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23219\n\ud83d\udd39 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.\n\ud83d\udccf Published: 2025-01-20T15:47:39.681Z\n\ud83d\udccf Modified: 2025-01-20T15:47:39.681Z\n\ud83d\udd17 References:\n1. https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-h2mg-4c7q-w69v\n2. https://github.com/LabRedesCefetRJ/WeGIA/commit/ae9c859006143bd0087b3e6e48a0677e1fff5c7e", "creation_timestamp": "2025-01-20T16:01:43.000000Z"}, {"uuid": "5021db3b-328c-4474-b16c-60cbcf3aa885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-h2mg-4c7q-w69v", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113861471504281674", "content": "", "creation_timestamp": "2025-01-20T15:49:36.634123Z"}]}