Lucene search
K

6 matches found

Nuclei
Nuclei
added 9 hours ago16 views

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

10CVSS6.8AI score0.03315EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/06 9:6 p.m.15 views

CVE-2026-35399 WeGIA has Stored XSS in backup file names

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS0.00288EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 9:6 p.m.2 views

CVE-2026-35399 WeGIA has Stored XSS in backup file names

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS6.1AI score0.00288EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

WeGIA 跨站脚本漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for malicious scripts to be injected into backup file names,...

8.5CVSS5.6AI score0.00288EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

WeGIA 操作系统命令注入漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.5 contained an operating system command injection vulnerability. This vulnerability stemmed from the improper handling of special backup file names by the database recovery function,...

10CVSS6.1AI score0.03315EPSS
Exploits1References2
OSV
OSV
added 2024/11/06 12:15 a.m.4 views

CVE-2024-10028

The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticat...

7.5CVSS5.8AI score0.0045EPSS
Exploits0References2
Rows per page
Query Builder