SQL Injection Vulnerability in WeGIA Web Manager for Portuguese Users
CVE-2025-62360

9.4 CRITICAL

Key Information:

Status
Vendor
CVE Published: 13 October 2025

What is CVE-2025-62360?

A SQL injection vulnerability has been identified in WeGIA, a web application aimed at Portuguese-language users. The flaw resides in the /html/funcionario/dependente_documento.php endpoint and affects the id_dependente parameter. It could allow attackers to execute arbitrary SQL commands, which poses a significant risk to the confidentiality, integrity, and availability of the associated database. The issue is patched in version 3.5.1; users need to apply that update to secure their systems.

Affected Version(s)

WeGIA < 3.5.1

CVSS V4

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
