CVE-2025-67501

EUVD-2025-202337
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar_categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id_categoria parameter, which allows attackers to inject malicious SQL payloads for direct execution. This issue is fixed in version 3.5.5.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
wegiawegia
𝑥
< 3.5.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/LabRedesCefetRJ/WeGIA/commit/f04b91f584a38c2061a071b26219dba3f25819e6
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.5.5
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-hj2x-qfm3-2869