CVE-2025-30367
Published: 27 March 2025
Summary
CVE-2025-30367 is a critical-severity SQL Injection (CWE-89) vulnerability in Wegia Wegia. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 47.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validating inputs such as the nextPage parameter to ensure they conform to expected formats, directly preventing SQL injection manipulation of database queries.
SI-2 mandates timely flaw remediation, including applying the patch in WeGIA version 3.2.6 to eliminate the SQL injection vulnerability.
SI-9 enforces restrictions on information inputs like length and character sets for parameters such as nextPage, limiting the feasibility of SQL injection payloads.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in unauthenticated public-facing web endpoint directly enables T1190 (Exploit Public-Facing Application) for remote access and facilitates T1213.006 (Databases) for extracting sensitive data via manipulated queries.
NVD Description
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information,…
more
such as table names and sensitive data. Version 3.2.6 contains a fix for the issue.
Deeper analysisAI
CVE-2025-30367 is a SQL injection vulnerability (CWE-89) affecting WeGIA, a web manager for charitable institutions, in versions prior to 3.2.6. The flaw resides in the nextPage parameter of the /WeGIA/controle/control.php endpoint, where insufficient input validation allows attackers to manipulate SQL queries. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By injecting malicious payloads into the nextPage parameter, they can manipulate database queries to extract sensitive information, such as table names and other confidential data stored in the backend database.
The GitHub security advisory (GHSA-7j9v-xgmm-h7wr) confirms that version 3.2.6 of WeGIA addresses the issue with a fix. Security practitioners should urge users to upgrade to this patched version immediately to mitigate the risk.
Details
- CWE(s)