SQL Injection Vulnerability in WeGIA Web Manager for Institutions
CVE-2025-62177
8.6HIGH
What is CVE-2025-62177?
A SQL Injection vulnerability has been discovered in WeGIA, an open source Web Manager for Institutions tailored for Portuguese language users. This issue is found in the /html/funcionario/dependente_listar.php endpoint, specifically affecting the id_funcionario parameter. By exploiting this vulnerability, attackers can execute arbitrary SQL commands, potentially jeopardizing the confidentiality, integrity, and availability of sensitive database information. Users are encouraged to upgrade to version 3.5.1, where this vulnerability has been addressed.
Affected Version(s)
WeGIA < 3.5.1