SQL Injection Vulnerability in WeGIA Web Manager for Portuguese Users
CVE-2025-67501

9.4 CRITICAL

Key Information:

CVE Published: 9 December 2025

What is CVE-2025-67501?

WeGIA, an open-source web management tool for institutions, has a SQL injection vulnerability in its /html/matPat/editar_categoria.php endpoint. The flaw arises from insufficient validation and sanitization of user input, specifically in the id_categoria parameter. As a result, an attacker can inject SQL commands that the application may execute directly, potentially leading to unauthorized data exposure or manipulation. Users are advised to upgrade to version 3.5.5, where the issue has been addressed.

Affected Version(s)

WeGIA < 3.5.5

CVSS V4

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
