3 matches found
The vulnerability in the WeGIA web manager’s /html/funcionario/profile_dependente.php script allows a perpetrator to disclose confidential information, increase their privileges, or execute arbitrary code.
The vulnerability in the WeGIA web manager’s /html/funcionario/profiledependente.php script relates to the failure to protect the SQL query structure when processing the iddependente parameter. Exploiting this vulnerability can allow an attacker to disclose confidential information, enhance their...
CVE-2025-54062 WeGIA SQL Injection (Blind Time-Based) Vulnerability in id_dependente Parameter on profile_dependente.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the /html/funcionario/profiledependente.php endpoint, specifically in the iddependente parameter. This vulnerability...
CVE-2025-54062
Summary: CVE-2025-54062 affects WeGIA, an open source web manager. A SQL Injection flaw exists in versions prior to 3.4.6 in the /html/funcionario/profile_dependente.php endpoint, specifically in the id_dependente parameter. Root cause is lack of input validation for externally supplied SQL state...