WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.
References
| Link | Resource |
|---|---|
| https://github.com/LabRedesCefetRJ/WeGIA/commit/7abbffd3915a64b97dde01954222fc0fbd804f70 | Patch |
| https://github.com/LabRedesCefetRJ/WeGIA/issues/310 | Issue Tracking Vendor Advisory |
| https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m4j6-q5m4-x24g | Exploit Vendor Advisory |
| https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mwvv-q9gh-gwxm | Exploit Vendor Advisory |
Configurations
History
20 Oct 2025, 16:04
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:* | |
| References | () https://github.com/LabRedesCefetRJ/WeGIA/commit/7abbffd3915a64b97dde01954222fc0fbd804f70 - Patch | |
| References | () https://github.com/LabRedesCefetRJ/WeGIA/issues/310 - Issue Tracking, Vendor Advisory | |
| References | () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m4j6-q5m4-x24g - Exploit, Vendor Advisory | |
| References | () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mwvv-q9gh-gwxm - Exploit, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| First Time |
Wegia
Wegia wegia |
13 Oct 2025, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-13 22:15
Updated : 2025-10-20 16:04
NVD link : CVE-2025-62360
Mitre link : CVE-2025-62360
CVE.ORG link : CVE-2025-62360
JSON object : View
Products Affected
wegia
- wegia
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')