CVE-2025-55168

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8

Description: WeGIA is an open source web manager focused on the Portuguese language and charitable institutions. A SQL Injection vulnerability exists in the /html/saude/aplicar medicamento.php API endpoint, specifically in the id fichamedica parameter. This allows attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the database.

Recommendations: Update to version 3.4.8 or later.