CVE-2025-62177

HIGH

Wegia < 3.5.1 - SQL Injection

Title source: rule

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.

References (2)

Scores

CVSS v3 8.8
EPSS 0.0005
EPSS Percentile 15.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-89
Status published

Affected Products (1)

wegia/wegia < 3.5.1

Timeline

Published Oct 13, 2025
Tracked Since Feb 18, 2026