WeGIA SQL Injection via ‘id_dependente’ param at endpoint `/html/funcionario/dependente_documento.php`

9.4 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.

AI Analysis

AI processing failed - returned non-JSON response

Basic Information

ID CVE-2025-62360

Source GitHub_M

Published Oct 13, 2025 at 21:24

Affected Product

Vendor LabRedesCefetRJ

Product WeGIA

Version < 3.5.1

Affected Versions LabRedesCefetRJ WeGIA < 3.5.1

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.",
    "published": "2025-10-13T21:24:48.969Z",
    "modified": "2025-10-13T21:24:48.969Z",
    "type": "cve",
    "title": "WeGIA SQL Injection via 'id_dependente' param at endpoint `/html/funcionario/dependente_documento.php`",
    "source": "GitHub_M",
    "references": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mwvv-q9gh-gwxm\nhttps://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m4j6-q5m4-x24g\nhttps://github.com/LabRedesCefetRJ/WeGIA/issues/310\nhttps://github.com/LabRedesCefetRJ/WeGIA/commit/7abbffd3915a64b97dde01954222fc0fbd804f70",
    "id": "CVE-2025-62360",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "LabRedesCefetRJ WeGIA < 3.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeGIA",
    "version": "< 3.5.1",
    "vendor": "LabRedesCefetRJ",
    "ai_description": "AI processing failed - returned non-JSON response",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WeGIA SQL Injection via ‘id_dependente’ param at endpoint `/html/funcionario/dependente_documento.php`_CVE-2025-62360