33 matches found
CVE-2025-61603
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
CVE-2025-61604 WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger...
CVE-2025-61604
WeGIA CSRF in delete operation (Almoxarifado) affects versions 3.4.12 and earlier of WeGIA, where the delete endpoint is exposed via HTTP GET without CSRF protection, allowing an attacker to trigger actions using a victim’s authenticated session. This vulnerability is fixed in version 3.5.0. Impa...
CVE-2025-61603 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
PT-2025-40427
Name of the Vulnerable Software and Affected Versions: WeGIA versions 3.4.12 and below Description: WeGIA is a web manager designed for charitable institutions. An Open Redirect issue exists in the control.php endpoint, specifically through the nextPage parameter...
CVE-2025-59939
WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&idproduto=malicious command. It is necessary to apply prepared statements...
WeGIA Open Redirect Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an open redirection vulnerability that stems from the control.php endpoint not handling redirect targets appropriately. No detailed vulnerability information is provided at this time...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.2.0 that stems from vulnerability to a false access control attack in control/control.php...
PT-2023-28740 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.2.11 Description: The issue concerns multiple remote code execution (RCE) vulnerabilities. These vulnerabilities are located at the "/admin/file manage control.php" API endpoint via the $activepath and $filename parameters...
CVE-2022-29363
Phpok v6.1 was discovered to contain a deserialization vulnerability via the updatef function in logincontrol.php. This vulnerability allows attackers to getshell via writing arbitrary files...
GeniXCMS /inc/lib/Control/Backend/menus.control.php File Cross-Site Scripting Vulnerability
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in the /inc/lib/Control/Backend/menus.control.php file in...
MetalGenix GeniXCMS SQL Injection Vulnerability (CNVD-2017-06841)
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A SQL injection vulnerability exists in the inc/lib/Control/Backend/menus.control.php file in MetalGenix...