7 matches found
CVE-2026-35475 WeGIA - Open Redirect - backup redirection — Unvalidated $_GET['redirect']
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...
CVE-2026-35472
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...
PT-2025-52275
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AmentoTech Tuturn allows Path Traversal.This issue affects Tuturn: from n/a before 3.6...
CVE-2024-10244
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6...
CVE-2024-10244 SQLi in ISDO Software's Web Software
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6...
CVE-2024-10244
CVE-2024-10244 affects ISDO Software Web Software. The issue is an SQL Injection caused by improper neutralization of special elements in the web app, exploitable remotely (NETWORK) with no user interaction. Affected versions are Web Software prior to 3.6. Impact per metrics is high/critical (C/H...
CVE-2022-4664 Logo Slider < 3.6.0 - Contributor+ Stored XSS in Shortcode
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...