CVE-2026-35473 WeGIA - Open Redirect - IentradaControle - listarId() - Unvalidated $_GET['nextPage']

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

CVE-2025-61603

WeGIA (web manager for charitable institutions) versions 3.4.12 and earlier contain an SQL Injection in /controle/control.php via the descricao parameter, enabling attackers to execute arbitrary SQL commands and compromise database confidentiality, integrity, and availability. The issue is fixed ...