CVE-2025-62177
- Source
- https://cve.org/CVERecord?id=CVE-2025-62177
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62177.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-62177
- Aliases
-
- GHSA-4wrg-g9cj-hjcx
- Published
- 2025-10-13T21:09:29.683Z
- Modified
- 2026-04-10T05:32:53.953134Z
- Severity
-
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionario/dependente_listar.php`
- Details
-
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependentelistar.php endpoint, specifically in the idfuncionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62177.json", "cwe_ids": [ "CWE-89" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62177.json
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-4wrg-g9cj-hjcx
- https://nvd.nist.gov/vuln/detail/CVE-2025-62177
- https://github.com/LabRedesCefetRJ/WeGIA/commit/017fdd71380ab898570752aebc3fe1ef318a5d0d
Affected packages
Git / github.com/labredescefetrj/wegia
Affected ranges
- Type
- GIT
- Repo
- https://github.com/labredescefetrj/wegia
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed