CVE-2025-62179
- Source
- https://cve.org/CVERecord?id=CVE-2025-62179
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62179.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-62179
- Aliases
-
- GHSA-x36x-x5j4-wfjf
- Published
- 2025-10-13T21:13:59.524Z
- Modified
- 2026-04-10T05:32:52.631555Z
- Severity
-
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_existente.php`
- Details
-
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastrofuncionariopessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62179.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62179.json
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x36x-x5j4-wfjf
- https://nvd.nist.gov/vuln/detail/CVE-2025-62179
- https://github.com/LabRedesCefetRJ/WeGIA/commit/885972c55c3a06b5275120e88bb1113754a63b26
Affected packages
Git / github.com/labredescefetrj/wegia
Affected ranges
- Type
- GIT
- Repo
- https://github.com/labredescefetrj/wegia
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed