PT-2025-28219 · Wegia · Wegia

Pedro-Lyrio · Published 2025-07-07 · Updated 2025-07-07 · CVE-2025-53529

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3
Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile_funcionario.php endpoint is vulnerable because the id_funcionario parameter is not properly sanitized or validated before being used in a SQL query. This allows an unauthenticated attacker to inject arbitrary SQL commands.
Recommendations: For versions prior to 3.4.3, update to version 3.4.3 to resolve the issue. As a temporary workaround, consider restricting access to the /html/funcionario/profile_funcionario.php endpoint until the update is applied. Additionally, avoid using the id_funcionario parameter in the affected endpoint until the issue is resolved.
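The description names the pattern behind this class of bug: a request parameter placed directly into SQL text. The PHP below is an added illustration, not WeGIA's code, showing that pattern beside a hardened version that validates the type and binds the value; the table name funcionario, its columns and the SQLite sample rows are assumptions.

```php
<?php
// Added illustration, not WeGIA's code: the unsafe pattern the advisory
// describes, beside a hardened version. Table/column names are assumptions.

// Vulnerable pattern: the request parameter is interpolated into the SQL text,
// so the client controls the shape of the query, not just a value in it.
function getProfileUnsafe(PDO $db, array $get): ?array
{
    $id = $get['id_funcionario'] ?? '';
    $sql = "SELECT * FROM funcionario WHERE id_funcionario = " . $id;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened: validate the type first (an employee id is a positive integer),
// then bind it as a parameter so the database engine never parses it as SQL.
// Returning null here stands for answering the request with HTTP 400.
function getProfileSafe(PDO $db, array $get): ?array
{
    $id = filter_var($get['id_funcionario'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM funcionario WHERE id_funcionario = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Demonstration against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE funcionario (id_funcionario INTEGER PRIMARY KEY, nome TEXT)');
$db->exec("INSERT INTO funcionario VALUES (1, 'Alice'), (2, 'Bob')");

// A well-formed request behaves the same in both versions.
var_dump(getProfileSafe($db, ['id_funcionario' => '2']));

// A non-numeric value: the unsafe version lets it rewrite the WHERE clause
// (a tautology here matches every row); the hardened version rejects it.
$tainted = '0 OR 1=1';
var_dump(getProfileUnsafe($db, ['id_funcionario' => $tainted]));
var_dump(getProfileSafe($db, ['id_funcionario' => $tainted]));
```

The second call shows why the advisory's workaround of restricting the endpoint is only a stopgap: the fix is type validation plus parameter binding in the query itself.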

Weakness Enumeration

SQL injection

Related Identifiers

CVE-2025-53529
GHSA-RRJ6-PJ6W-8J2R

Affected Products

Wegia