{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "7e0aa0c861eddcb7771f59101bbabaa28993f44b" } ], "repo": "https://github.com/labredescefetrj/wegia", "type": "GIT" } ] } ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62360.json" }, "details": "WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.", "id": "CVE-2025-62360", "modified": "2026-04-01T23:10:13.453832762Z", "published": "2025-10-13T21:24:48.969Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62360.json" }, { "type": "ADVISORY", "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-m4j6-q5m4-x24g" }, { "type": "ADVISORY", "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mwvv-q9gh-gwxm" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62360" }, { "type": "REPORT", "url": "https://github.com/LabRedesCefetRJ/WeGIA/issues/310" }, { "type": "FIX", "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/7abbffd3915a64b97dde01954222fc0fbd804f70" } ], "related": [ "GHSA-m4j6-q5m4-x24g", "GHSA-mwvv-q9gh-gwxm" ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "type": "CVSS_V4" } ], "summary": "WeGIA SQL Injection via 'id_dependente' param at endpoint `/html/funcionario/dependente_documento.php`" }