8 matches found

RedhatCVE
added 2025/03/29 5:25 p.m., 13 views

CVE-2025-30361

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...

CVSS 9.8, AI score 7.6, EPSS 0.00055
Exploits: 1, References: 1

NVD
added 2025/03/27 5:15 p.m., 14 views

CVE-2025-30361

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...

CVSS 9.8, EPSS 0.00055
Exploits: 1, References: 1

CVE
added 2025/03/27 4:30 p.m., 74 views

CVE-2025-30367

WeGIA (web manager for charitable institutions) has a SQL injection in the nextPage parameter of /WeGIA/controle/control.php for versions before 3.2.6. The root cause is unsafeguarded SQL query construction, allowing attackers to access database metadata and sensitive data. Version 3.2.6 contains...

CVSS 10, AI score 7.4, EPSS 0.00245
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2025/03/27 4:22 p.m., 10 views

CVE-2025-30361 WeGIA Vulnerable to Broken Authentication - Old Password Validation

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass...

CVSS 9.3, EPSS 0.00055
Exploits: 1, References: 1

CVE
added 2025/03/27 4:22 p.m., 57 views

CVE-2025-30361

WeGIA Web manager (versions prior to 3.2.6) contains a password-change vulnerability in the control.php endpoint that allows unauthenticated attackers to bypass authentication and reset passwords for any user, including admins. Remediation: upgrade to version 3.2.6 or apply documented workarounds...

CVSS 9.8, AI score 7, EPSS 0.00055
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2024/03/25 6:47 p.m., 18 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8, AI score 9.1, EPSS 0.00537
Exploits: 1, References: 2

Vulnrichment
added 2024/03/25 6:47 p.m., 18 views

CVE-2024-28107 phpMyFAQ SQL injections at insertentry & saveentry

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the...

CVSS 8.8, AI score 7.5, EPSS 0.00537
Exploits: 1, References: 2

Vulnrichment
added 2024/03/25 6:35 p.m., 10 views

CVE-2024-28105 phpMyFAQ's File Upload Bypass at Category Image Leads to RCE

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the Content-type and lang parameters, allowing attackers to upload malicious files with a .php extension,...

CVSS 7.2, AI score 7.7, EPSS 0.03088
Exploits: 1, References: 2