CVE-2025-22140

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.8

Description A SQL Injection vulnerability was identified in the "/html/funcionario/dependente listar um.php" endpoint, specifically in the id dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database.

Recommendations For versions prior to 3.2.8, update to version 3.2.8 to resolve the issue. As a temporary workaround, consider restricting access to the "/html/funcionario/dependente listar um.php" endpoint until the update is applied. Avoid using the id dependente parameter in the affected endpoint until the issue is resolved.