CVE-2025-53937

WeGIA is affected by a SQL Injection in the /controle/control.php endpoint, specifically the cargo parameter, in versions prior to 3.4.5. The vulnerability allows execution of arbitrary SQL commands, compromising database confidentiality, integrity, and availability. Version 3.4.5 includes a fix....

CVE-2025-53937 WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the /controle/control.php endpoint, specifically in the cargo parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter cargo in the /controle/control.php endpoint. An attacker can exploit this vulnerability to execute illeg...

WeGIA 跨站脚本漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA version 2.3.6, which stems from a stored cross-site scripting vulnerability contained in the cargo parameter of the control.php page...

WeGIA 跨站脚本漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA has a cross-site scripting vulnerability that stems from a stored cross-site scripting vulnerability contained in the cargo parameter of the adicionarcargo.php file...

CVE-2020-28047

AudimexEE before 14.1.1 is vulnerable to Reflected XSS Cross-Site-Scripting. If the recommended security configuration parameter "uniqueerrornumbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action, cargo, panel' parameters that can lead to data leakage...