Total
73 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22596 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.5 MEDIUM |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | |||||
| CVE-2025-22597 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 8.3 HIGH |
| WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8. | |||||
| CVE-2025-22598 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 8.3 HIGH |
| WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8. | |||||
| CVE-2025-22599 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.5 MEDIUM |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | |||||
| CVE-2025-22600 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 6.5 MEDIUM |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fixed in 3.2.8. | |||||
| CVE-2025-22613 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 5.4 MEDIUM |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `informacao_adicional.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-23036 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 5.4 MEDIUM |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `pre_cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.7. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-23037 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 5.4 MEDIUM |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `control.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-57030 | 1 Wegia | 1 Wegia | 2025-04-09 | N/A | 8.1 HIGH |
| Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter. | |||||
| CVE-2025-29782 | 1 Wegia | 1 Wegia | 2025-03-25 | N/A | 5.4 MEDIUM |
| WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.2.17 contains a patch for the issue. | |||||
| CVE-2024-57031 | 1 Wegia | 1 Wegia | 2025-03-24 | N/A | 9.8 CRITICAL |
| WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter. | |||||
| CVE-2024-57032 | 1 Wegia | 1 Wegia | 2025-03-19 | N/A | 9.8 CRITICAL |
| WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field. | |||||
| CVE-2024-57035 | 1 Wegia | 1 Wegia | 2025-03-18 | N/A | 9.8 CRITICAL |
| WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php. | |||||
| CVE-2024-57034 | 1 Wegia | 1 Wegia | 2025-03-14 | N/A | 9.8 CRITICAL |
| WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter. | |||||
| CVE-2025-27499 | 1 Wegia | 1 Wegia | 2025-03-06 | N/A | 6.1 MEDIUM |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the processa_edicao_socio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the socio_nome parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.10. | |||||
| CVE-2025-26609 | 1 Wegia | 1 Wegia | 2025-02-28 | N/A | 9.8 CRITICAL |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `familiar_docfamiliar.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-26608 | 1 Wegia | 1 Wegia | 2025-02-28 | N/A | 9.8 CRITICAL |
| WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `dependente_docdependente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-23219 | 1 Wegia | 1 Wegia | 2025-02-28 | N/A | 9.8 CRITICAL |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. | |||||
| CVE-2025-23220 | 1 Wegia | 1 Wegia | 2025-02-28 | N/A | 9.8 CRITICAL |
| WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10. | |||||
| CVE-2025-27096 | 1 Wegia | 1 Wegia | 2025-02-28 | N/A | 9.8 CRITICAL |
| WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||