CVE-2025-62360 CRITICAL

CVE-2025-62360: WeGIA SQL Injection via 'id_dependente' param at endpoint `/html/funcionario/dependente_documento.php`

Vendor Labredescefetrj
Product WeGIA
Weakness CWE-89 · SQLi
Published October 13, 2025
Last update October 14, 2025
View on NVD All CVEs

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.

Key dates

02Disclosure timeline

October 13, 2025 CVE published
October 14, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-3107 Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter CVE-2024-0464 code-projects Online Faculty Clearance HTTP GET Request delete_faculty.php sql injection CVE-2024-11257 1000 Projects Beauty Parlour Management System forgot-password.php sql injection CVE-2022-1691 Realty Workstation < 1.0.15 - Agent SQLi CVE-2022-30998 WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities