CVE-2025-54062

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.4.6

Description WeGIA is an open source web manager. A SQL Injection vulnerability exists in versions prior to 3.4.6. This vulnerability allows attackers to execute arbitrary SQL commands via the /html/funcionario/profile dependente.php endpoint through the id dependente parameter, potentially compromising the confidentiality, integrity, and availability of the database.

Recommendations Update to version 3.4.6 or later. As a temporary workaround, restrict access to the /html/funcionario/profile dependente.php endpoint. Avoid using the id dependente parameter in the affected API endpoint until the issue is resolved.