Unrated severityNVD Advisory· Published Oct 13, 2025· Updated Oct 14, 2025
WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_existente.php`
CVE-2025-62179
Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 3.5.1
Patches
Vulnerability mechanics
References
2- github.com/LabRedesCefetRJ/WeGIA/commit/885972c55c3a06b5275120e88bb1113754a63b26mitrex_refsource_MISC
- github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x36x-x5j4-wfjfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.