WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionario/profile_dependente.php` endpoint, specifically in the `id_dependente` parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.4.6 fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 30 Jul 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 17 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 17 Jul 2025 14:45:00 +0000

Type Values Removed Values Added
Description WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionario/profile_dependente.php` endpoint, specifically in the `id_dependente` parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.4.6 fixes the issue.
Title WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-07-17T20:01:07.447Z

Reserved: 2025-07-16T13:22:18.204Z

Link: CVE-2025-54062

cve-icon Vulnrichment

Updated: 2025-07-17T20:00:51.284Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-17T15:15:27.597

Modified: 2025-07-30T19:58:29.140

Link: CVE-2025-54062

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-21T15:17:17Z