Vulnerability Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wegia | Wegia | < 3.5.1 |
Related Weaknesses (CWE)
References
- https://github.com/LabRedesCefetRJ/WeGIA/commit/7abbffd3915a64b97dde01954222fc0fPatch
- https://github.com/LabRedesCefetRJ/WeGIA/issues/310Issue TrackingVendor Advisory
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m4j6-q5m4-x24gExploitVendor Advisory
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mwvv-q9gh-gwxmExploitVendor Advisory
FAQ
What is CVE-2025-62360?
CVE-2025-62360 is a vulnerability with a CVSS score of 8.8 (HIGH). WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_document...
How severe is CVE-2025-62360?
CVE-2025-62360 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-62360?
Check the references section above for vendor advisories and patch information. Affected products include: Wegia Wegia.