
97 matches found

OSV
added 2025/07/17 2:2 p.m. · 2 views

CVE-2025-53946 WeGIA vulnerable to SQL Injection in endpoint profile_paciente.php parameter id_fichamedica

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the idfuncionario parameter of the /html/saude/profile_paciente.php endpoint. This vulnerability allows an attacker to...

CVSS 9.4 · AI score 7.5 · EPSS 0.0025
Exploits: 1 · References: 3

Positive Technologies
added 2025/07/17 12:0 a.m. · 0 views

PT-2025-30058 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.6
Description: WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists that allows attackers to inject malicio...

CVSS 7.8 · AI score 5.5 · EPSS 0.00222
Exploits: 1 · References: 8

Positive Technologies
added 2025/07/17 12:0 a.m. · 0 views

PT-2025-30057 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.6
Description: WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the personalizacao.php endpoint...

CVSS 7.8 · AI score 5.5 · EPSS 0.00222
Exploits: 1 · References: 8

RedhatCVE
added 2025/07/16 11:1 p.m. · 6 views

CVE-2025-53821

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows an arbitrary URL to be specified via the nextPage parameter, leading to an...

CVSS 6.1 · AI score 7.3 · EPSS 0.00194
Exploits: 1 · References: 1

RedhatCVE
added 2025/07/16 11:1 p.m. · 5 views

CVE-2025-53822

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the relatoriogeracao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...

CVSS 6.5 · AI score 6 · EPSS 0.00222
Exploits: 1 · References: 1

OSV
added 2025/07/16 4:3 p.m. · 1 views

CVE-2025-53937 WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the /controle/control.php endpoint, specifically in the cargo parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to...

CVSS 9.4 · AI score 8.2 · EPSS 0.00184
Exploits: 1 · References: 3

OSV
added 2025/07/16 4:1 p.m. · 2 views

CVE-2025-53936 WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint `personalizacao_selecao.php` parameter `nome_car`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the personalizacao_selecao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers...

CVSS 6.4 · AI score 5.8 · EPSS 0.00198
Exploits: 1 · References: 3

CVE
added 2025/07/16 3:56 p.m. · 9 views

CVE-2025-53933

CVE-2025-53933 affects the WeGIA open-source web manager. A stored XSS vulnerability exists in the adicionar_enfermidade.php endpoint, where user input in the nome parameter can be stored on the server and later executed when affected pages are accessed. Affected versions are those prior to 3.4.5...

CVSS 6.4 · AI score 5.2 · EPSS 0.00153
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2025/07/16 3:50 p.m. · 11 views

CVE-2025-53931

WeGIA (open-source web manager) has a Stored Cross-Site Scripting (XSS) flaw in the adicionar_raca.php endpoint via the raca parameter, exploitable on versions prior to 3.4.5. The vulnerability allows injected scripts to be stored on the server and executed when affected pages are loaded. A patch...

CVSS 6.4 · AI score 5.2 · EPSS 0.00153
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/07/16 3:44 p.m. · 5 views

CVE-2025-53929 WeGIA vulnerable to Stored Cross-Site Scripting (XSS) via endpoint `adicionar_cor.php` parameter `cor`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_cor.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...

CVSS 6.4 · EPSS 0.00153
Exploits: 1 · References: 1

OSV
added 2025/07/14 10:31 p.m. · 2 views

CVE-2025-53823 WeGIA vulnerable to SQL Injection (Blind Time-Based) in `processa_deletar_socio.php` parameter `id_socio`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint /WeGIA/html/socio/sistema/processa_deletar_socio.php, in the id_socio parameter. This vulnerability allows the execution...

CVSS 10 · AI score 7.8 · EPSS 0.00427
Exploits: 1 · References: 3

OSV
added 2025/07/14 10:16 p.m. · 2 views

CVE-2025-53821 WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows an arbitrary URL to be specified via the nextPage parameter, leading to an...

CVSS 4.7 · AI score 6.9 · EPSS 0.00194
Exploits: 1 · References: 3

Vulnrichment
added 2025/07/14 10:16 p.m. · 2 views

CVE-2025-53821 WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows an arbitrary URL to be specified via the nextPage parameter, leading to an...

CVSS 4.7 · AI score 6.6 · EPSS 0.00194
Exploits: 1 · References: 1

Cvelist
added 2025/07/14 8:47 p.m. · 6 views

CVE-2025-53820 WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the index.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...

CVSS 6.5 · EPSS 0.00222
Exploits: 1 · References: 1

Vulnrichment
added 2025/07/07 4:51 p.m. · 3 views

CVE-2025-53529 WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter)

WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to...

CVSS 9.8 · AI score 7.6 · EPSS 0.00606
Exploits: 1 · References: 2

OSV
added 2025/07/07 4:51 p.m. · 2 views

CVE-2025-53529 WeGIA allows SQL Injection in html/funcionario/profile_funcionario.php (id_funcionario parameter)

WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an unauthenticated attacker to...

CVSS 9.8 · AI score 8 · EPSS 0.00606
Exploits: 1 · References: 4

CVE
added 2025/07/07 4:51 p.m. · 14 views

CVE-2025-53529

CVE-2025-53529 concerns WeGIA, a web manager for charitable organizations. A SQL Injection exists in the endpoint /html/funcionario/profile_funcionario.php where the parameter id_funcionario is not properly sanitized/validated before being used in a SQL query, allowing an unauthenticated attacker...

CVSS 9.8 · AI score 7.6 · EPSS 0.00606
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2025/07/07 4:47 p.m. · 2 views

CVE-2025-53527 WeGIA allows Time-Based Blind SQL Injection in the relatorio_geracao.php endpoint

WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows an attacker to inject arbitrary SQL queries, potentially leading to unauthorized data access or...

CVSS 8.3 · AI score 7.8 · EPSS 0.0025
Exploits: 1 · References: 4

OSV
added 2025/07/07 4:36 p.m. · 3 views

CVE-2025-53526 WeGIA allows Stored XSS attacks in novo_memorando.php

WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listarmemorandosantigos.php. Upon loading this page, the injected script was executed in the browser...

CVSS 5.1 · AI score 6.4 · EPSS 0.00205
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/23 12:1 p.m. · 4 views

CVE-2025-23036

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the precadastrofuncionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

CVSS 6.4 · AI score 6 · EPSS 0.0038
Exploits: 1 · References: 1