SQL Injection Vulnerability in WeGIA Web Manager for Institutions
CVE-2025-62177

8.6HIGH

Key Information:

Status
Vendor
CVE Published:
13 October 2025

What is CVE-2025-62177?

A SQL Injection vulnerability has been discovered in WeGIA, an open source Web Manager for Institutions tailored for Portuguese language users. This issue is found in the /html/funcionario/dependente_listar.php endpoint, specifically affecting the id_funcionario parameter. By exploiting this vulnerability, attackers can execute arbitrary SQL commands, potentially jeopardizing the confidentiality, integrity, and availability of sensitive database information. Users are encouraged to upgrade to version 3.5.1, where this vulnerability has been addressed.

Affected Version(s)

WeGIA < 3.5.1

References

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-62177 : SQL Injection Vulnerability in WeGIA Web Manager for Institutions